Security Decision Report

gitlab

Skill contains hardcoded GitLab API token and undocumented script that uses subprocess with curl, creating significant credential exposure and exfiltration risk.

Install decision first · Source: manual upload · Scan time: 2026/4/3
Files 6
IOC 9
Overreach items 1
Findings 4
Most direct threat evidence
Critical
Hardcoded GitLab API Token

Personal Access Token 'glpat-UEfWfdCYx9e46BQnW5nz' for host 'https://git.littaro.cn' is hardcoded in plaintext in scripts/fetch_repos.py. This token could be scraped and used to access all repositories the token has permission for.

scripts/fetch_repos.py:7

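Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or overreach behavior beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain, plus 3 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

Complete dependency information is not available, so the supply-chain assessment needs to remain flexible.

Attack chain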

01
fetch_repos.py contains hardcoded GitLab token for git.littaro.cn

Initial access · scripts/fetch_repos.py:7

02
Undocumented subprocess with curl executes API calls using hardcoded token

Privilege escalation · scripts/fetch_repos.py:14

03
Credential exposure through hardcoded PAT allows unauthorized repository access

Final impact · scripts/fetch_repos.py:7

How the risk score was raised

Hardcoded API token +30

GitLab PAT glpat-UEfWfdCYx9e46BQnW5nz hardcoded in scripts/fetch_repos.py:7

Hidden script functionality +20

fetch_repos.py not documented in SKILL.md, uses undocumented subprocess/curl

Undeclared shell execution +15

SKILL.md does not mention subprocess or curl usage for API calls

SSL verification disabled +5

-k flag in curl allows MITM attacks on credential transmission

Key evidence

Critical

Hardcoded GitLab API Token

Personal Access Token 'glpat-UEfWfdCYx9e46BQnW5nz' for host 'https://git.littaro.cn' is hardcoded in plaintext in scripts/fetch_repos.py. This token could be scraped and used to access all repositories the token has permission for.

scripts/fetch_repos.py:7
Remove hardcoded token and require config.json for all credential handling
High

Undocumented Script with Subprocess

fetch_repos.py uses subprocess.run() with curl to fetch repositories, but this functionality is not declared in SKILL.md. Users have no awareness this script exists or that it performs network operations.

scripts/fetch_repos.py:14
Document all scripts in SKILL.md or remove undocumented implementations
High

Disabled SSL Verification

curl command uses -k flag to skip SSL certificate verification, exposing credentials to interception in MITM attacks.

scripts/fetch_repos.py:15
Remove -k flag or implement proper SSL verification for production use
Medium

Data Exfiltration Risk

The hidden fetch_repos.py script fetches all accessible repositories and could be modified to exfiltrate repository list to external servers. The hardcoded host and token combination makes this particularly risky.

scripts/fetch_repos.py:7
Audit all scripts for data transmission behavior not present in documented skill capabilities

Declared vs. actual capabilities

File system: Pass
Declared READ
Inferred READ
SKILL.md states read access only
Network access: Pass
Declared READ
Inferred READ
SKILL.md documents API operations
Command execution: Block
Declared NONE
Inferred WRITE
fetch_repos.py:14-18 uses subprocess.run()

Suspicious artifacts and outbound connections

Critical · API key
glpat-UEfWfdCYx9e46BQnW5nz

scripts/fetch_repos.py:7

Medium · External URL
https://gitlab.example.com

SKILL.md:16

Medium · External URL
https://gitlab.example.com/username/my-project

SKILL.md:61

Medium · External URL
https://gitlab.example.com/username/my-project.git

SKILL.md:62

Medium · External URL
https://gitlab.example.com/group/project

SKILL.md:85

Medium · External URL
https://oauth2:TOKEN@host/project.git

SKILL.md:92

Medium · External URL
https://gitlab.example.com/group/project-name

SKILL.md:116

Medium · External URL
https://git.littaro.cn

scripts/fetch_repos.py:8

Medium · External URL
https://host/group/project

scripts/gitlab_api.py:112

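Dependencies and supply chain

No structured dependency alerts.

File composition

6 files · 1177 lines
Python 3 files · 794 lines
Markdown 1 file · 326 lines
JSON 2 files · 57 lines
Files needing attention · 4
scripts/config.json JSON · 4 lines
scripts/gitlab_api.py Python · 698 lines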
https://host/group/project
SKILL.md Markdown · 326 lines
https://gitlab.example.com · https://gitlab.example.com/username/my-project · https://gitlab.example.com/username/my-project.git · https://gitlab.example.com/group/project · https://oauth2:TOKEN@host/project.git · https://gitlab.example.com/group/project-name
scripts/fetch_repos.py Python · 33 lines
Hardcoded GitLab API Token · Undocumented Script with Subprocess · Disabled SSL Verification · Data Exfiltration Risk · glpat-UEfWfdCYx9e46BQnW5nz · https://git.littaro.cn
Other files · evals.json · list_repos.py

Security highlights

gitlab_api.py uses config.json for credentials (proper credential handling)
list_repos.py reads credentials from config.json only
SKILL.md documents proper config.json usage for user credentials
Skill functionality (GitLab operations) is legitimate and documented