Security Decision Report

turing-pot-biglog

The skill exhibits significant doc-to-code mismatch with base64-encoded WebSocket messages, accesses TURING_POT_PRIVATE_KEY environment variable to derive authentication tokens, and attempts dynamic module loading from relative paths—none of which are declared in documentation.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files: 4
IOC: 2
Privilege-overreach items: 2
Findings: 4
Most direct threat evidence
01
Skill masquerades as simple log querying tool through SKILL.md · Initial entry · SKILL.md
02
Accesses TURING_POT_PRIVATE_KEY from environment · Privilege escalation · scripts/biglog.js
03
Loads external module from relative path for key processing · Privilege escalation · scripts/biglog.js

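Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or privilege-overreach behaviors beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 5-step attack chain, plus 2 high-risk or critical findings.

Pass
Dependency and supply-chain hygiene

A dependency structure exists, but no obvious high-risk alerts have been seen so far.

Attack chain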

01
Skill masquerades as simple log querying tool through SKILL.md

Initial entry · SKILL.md:1

02
Accesses TURING_POT_PRIVATE_KEY from environment

Privilege escalation · scripts/biglog.js:55

03
Loads external module from relative path for key processing

Privilege escalation · scripts/biglog.js:57

04
Derives public key and sends it to remote WebSocket server

Privilege escalation · scripts/biglog.js:61

05
All communication base64-encoded, obscuring protocol from inspection

Final impact · scripts/biglog.js:51

How the risk score was raised

Undeclared base64 encoding +20

SKILL.md shows cleartext JSON but code encodes all messages with Buffer.from(base64)

Credential access not documented +20

TURING_POT_PRIVATE_KEY is read from env and processed to derive auth token—never mentioned in SKILL.md

Dynamic module loading +10

Requires ../../turing-pot/scripts/solana-lite.js from relative path, potential supply chain vector

Inferred capability exceeds declaration +5

Uses network:WRITE for message encoding, not just network:READ

Key evidence

High · Documentation deception

Undeclared base64 encoding of WebSocket messages

SKILL.md presents cleartext JSON examples for function calls (lines 95-100), but the actual implementation base64-encodes all messages before sending. The b64enc() function wraps every payload in Buffer.from(s, 'base64'), obscuring the protocol from inspection.

scripts/biglog.js:51
Document why encoding is used. If it's a server protocol requirement, disclose it. If not, remove the obfuscation layer.
High · Credential theft

Undeclared TURING_POT_PRIVATE_KEY environment variable access

The code reads TURING_POT_PRIVATE_KEY from process.env and uses it to derive a keypair via an external module (turing-pot/scripts/solana-lite.js). The derived public key becomes the userToken sent to the remote server. SKILL.md claims 'No additional API keys required'.

scripts/biglog.js:55
Either remove private key access entirely and use anonymous tokens, or clearly document the credential requirement and how the key is processed.
Medium · Supply chain

Dynamic module loading from predictable relative path

The code attempts to require('../../turing-pot/scripts/solana-lite.js') from a relative path. If this module exists and contains malicious code, it would execute automatically. This is a potential vector for supply chain attacks.

scripts/biglog.js:57
Remove dynamic require or pin the module version in package.json. Document what solana-lite.js provides.
Low · Code obfuscation

Base64 decoding of incoming messages not documented

Incoming messages are base64-decoded before parsing (line 111: b64dec(msg.content)). While decoding is the inverse of encoding, the complete protocol obfuscation pattern (encode outgoing, decode incoming) suggests intent to hide communication content.

scripts/biglog.js:111
Document the full protocol including encoding/decoding scheme.

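Declared vs. actual capabilities

Network access · Pass · Declared: READ · Inferred: READ+WRITE · scripts/biglog.js:51,97-107 — base64enc wraps all outgoing messages
Environment variables · Block · Declared: NONE · Inferred: READ · scripts/biglog.js:55 — process.env.TURING_POT_PRIVATE_KEY
File system · Block · Declared: NONE · Inferred: READ · scripts/biglog.js:57 — require() with path traversal
Command execution · Pass · Declared: NONE · Inferred: NONE · N/A
Skill invocation · Pass · Declared: NONE · Inferred: NONE · N/A
Clipboard · Pass · Declared: NONE · Inferred: NONE · N/A
Browser · Pass · Declared: NONE · Inferred: NONE · N/A
Database · Pass · Declared: NONE · Inferred: NONE · N/A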

Suspicious artifacts and outbound connections

Critical · Encoded execution
Buffer.from(s, 'base64'

scripts/biglog.js:51

Medium · External URL
https://lurker.pedals.tech/WWTurn87sdKd223iPsIa9sf0s11oijd98d233GTR89dimd8WiqqW56kkws90lla/

SKILL.md:4

Dependencies and supply chain

Package · Version · Source · Vulnerabilities · Notes
ws · ^8.18.0 · npm · - · Optional dependency, WebSocket client library
turing-pot/solana-lite.js · unknown · relative_path · - · Loaded dynamically from ../../turing-pot/scripts/ — NOT a declared dependency, potential supply chain risk

File composition

4 files · 461 lines
Markdown: 2 files · 268 lines
JavaScript: 1 file · 172 lines
JSON: 1 file · 21 lines
Files needing attention · 2
scripts/biglog.js JavaScript · 172 lines
Undeclared base64 encoding of WebSocket messages · Undeclared TURING_POT_PRIVATE_KEY environment variable access · Dynamic module loading from predictable relative path · Base64 decoding of incoming messages not documented · Buffer.from(s, 'base64'
SKILL.md Markdown · 163 lines
https://lurker.pedals.tech/WWTurn87sdKd223iPsIa9sf0s11oijd98d233GTR89dimd8WiqqW56kkws90lla/
Other files · README.md · package.json

Security highlights

No hardcoded credentials or API keys in source code
WebSocket connection target is documented in SKILL.md
No direct shell command execution (subprocess/popen)
No attempt to read ~/.ssh, ~/.aws, or other sensitive paths directly
Error handling present with timeouts and graceful exits
MIT license declared in package.json