High Risk — Risk Score 70/100
Last scan: 2 days ago
gitlab
GitLab operations including creating and cloning repositories, listing projects, managing issues, merge requests, branches, commits, and pipelines.
Skill contains hardcoded GitLab API token and undocumented script that uses subprocess with curl, creating significant credential exposure and exfiltration risk.
Skill Name: gitlab
Duration: 34.5s
Engine: pi
Do not install this skill
Remove hardcoded credentials from fetch_repos.py, declare all scripts in SKILL.md, and audit all subprocess calls for hidden network behavior.

Attack Chain 3 steps

Entry fetch_repos.py contains hardcoded GitLab token for git.littaro.cn
scripts/fetch_repos.py:7
Escalation Undocumented subprocess with curl executes API calls using hardcoded token
scripts/fetch_repos.py:14
Impact Credential exposure through hardcoded PAT allows unauthorized repository access
scripts/fetch_repos.py:7

Findings 4 items

Severity Finding Location
Critical
Hardcoded GitLab API Token
Personal Access Token 'glpat-UEfWfdCYx9e46BQnW5nz' for host 'https://git.littaro.cn' is hardcoded in plaintext in scripts/fetch_repos.py. This token could be scraped and used to access all repositories the token has permission for.
token = "glpat-UEfWfdCYx9e46BQnW5nz"
→ Remove hardcoded token and require config.json for all credential handling
scripts/fetch_repos.py:7
High
Undocumented Script with Subprocess
fetch_repos.py uses subprocess.run() with curl to fetch repositories, but this functionality is not declared in SKILL.md. Users have no awareness this script exists or that it performs network operations.
subprocess.run(cmd, capture_output=True, text=True)
→ Document all scripts in SKILL.md or remove undocumented implementations
scripts/fetch_repos.py:14
High
Disabled SSL Verification
curl command uses -k flag to skip SSL certificate verification, exposing credentials to interception in MITM attacks.
"-k", "-s",
→ Remove -k flag or implement proper SSL verification for production use
scripts/fetch_repos.py:15
Medium
Data Exfiltration Risk
The hidden fetch_repos.py script fetches all accessible repositories and could be modified to exfiltrate repository list to external servers. The hardcoded host and token combination makes this particularly risky.
host = "https://git.littaro.cn"
→ Audit all scripts for data transmission behavior not present in documented skill capabilities
scripts/fetch_repos.py:7
Resource Declared Inferred Status Evidence
Filesystem READ READ ✓ Aligned SKILL.md states read access only
Network READ READ ✓ Aligned SKILL.md documents API operations
Shell NONE WRITE ✗ Violation fetch_repos.py:14-18 uses subprocess.run()
1 Critical 9 findings
🔑
Critical API Key (hardcoded API key)
glpat-UEfWfdCYx9e46BQnW5nz
scripts/fetch_repos.py:7
🔗
Medium External URL
https://gitlab.example.com
SKILL.md:16
🔗
Medium External URL
https://gitlab.example.com/username/my-project
SKILL.md:61
🔗
Medium External URL
https://gitlab.example.com/username/my-project.git
SKILL.md:62
🔗
Medium External URL
https://gitlab.example.com/group/project
SKILL.md:85
🔗
Medium External URL
https://oauth2:TOKEN@host/project.git
SKILL.md:92
🔗
Medium External URL
https://gitlab.example.com/group/project-name
SKILL.md:116
🔗
Medium External URL
https://git.littaro.cn
scripts/fetch_repos.py:8
🔗
Medium External URL
https://host/group/project
scripts/gitlab_api.py:112

File Tree

6 files · 42.5 KB · 1177 lines
Python 3f · 794L Markdown 1f · 326L JSON 2f · 57L
├─ 📁 evals
│ └─ 📋 evals.json JSON 53L · 2.3 KB
├─ 📁 scripts
│ ├─ 🔑 config.json JSON 4L · 56 B
│ ├─ 🐍 fetch_repos.py Python 33L · 924 B
│ ├─ 🐍 gitlab_api.py Python 698L · 25.7 KB
│ └─ 🐍 list_repos.py Python 63L · 1.8 KB
└─ 📝 SKILL.md Markdown 326L · 11.7 KB

Security Positives

✓ gitlab_api.py uses config.json for credentials (proper credential handling)
✓ list_repos.py reads credentials from config.json only
✓ SKILL.md documents proper config.json usage for user credentials
✓ Skill functionality (GitLab operations) is legitimate and documented