High risk: risk score 70/100
Last scanned: 2 days ago
gitlab
GitLab operations including creating and cloning repositories, listing projects, managing issues, merge requests, branches, commits, and pipelines.
Skill contains hardcoded GitLab API token and undocumented script that uses subprocess with curl, creating significant credential exposure and exfiltration risk.
Skill name: gitlab
Analysis time: 34.5s
Engine: pi
Do not install this skill
Remove hardcoded credentials from fetch_repos.py, declare all scripts in SKILL.md, and audit all subprocess calls for hidden network behavior.

Attack chain: 3 steps

Entry: fetch_repos.py contains hardcoded GitLab token for git.littaro.cn
scripts/fetch_repos.py:7
Privilege escalation: Undocumented subprocess with curl executes API calls using hardcoded token
scripts/fetch_repos.py:14
Impact: Credential exposure through hardcoded PAT allows unauthorized repository access
scripts/fetch_repos.py:7

Security findings: 4

Severity · Finding · Location
Critical
Hardcoded GitLab API Token
Personal Access Token 'glpat-UEfWfdCYx9e46BQnW5nz' for host 'https://git.littaro.cn' is hardcoded in plaintext in scripts/fetch_repos.py. This token could be scraped and used to access all repositories the token has permission for.
token = "glpat-UEfWfdCYx9e46BQnW5nz"
→ Remove hardcoded token and require config.json for all credential handling
scripts/fetch_repos.py:7
High
Undocumented Script with Subprocess
fetch_repos.py uses subprocess.run() with curl to fetch repositories, but this functionality is not declared in SKILL.md. Users have no awareness this script exists or that it performs network operations.
subprocess.run(cmd, capture_output=True, text=True)
→ Document all scripts in SKILL.md or remove undocumented implementations
scripts/fetch_repos.py:14
High
Disabled SSL Verification
curl command uses -k flag to skip SSL certificate verification, exposing credentials to interception in MITM attacks.
"-k", "-s",
→ Remove -k flag or implement proper SSL verification for production use
scripts/fetch_repos.py:15
Medium
Data Exfiltration Risk
The hidden fetch_repos.py script fetches all accessible repositories and could be modified to exfiltrate repository list to external servers. The hardcoded host and token combination makes this particularly risky.
host = "https://git.littaro.cn"
→ Audit all scripts for data transmission behavior not present in documented skill capabilities
scripts/fetch_repos.py:7
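| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | SKILL.md states read access only |
| Network access | READ | READ | ✓ Consistent | SKILL.md documents API operations |
| Command execution | NONE | WRITE | ✗ Exceeds declared permission | fetch_repos.py:14-18 uses subprocess.run() |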
1 critical · 9 findings
🔑
Critical · API key · Hardcoded API key
glpat-UEfWfdCYx9e46BQnW5nz
scripts/fetch_repos.py:7
🔗
Medium · External URL
https://gitlab.example.com
SKILL.md:16
🔗
Medium · External URL
https://gitlab.example.com/username/my-project
SKILL.md:61
🔗
Medium · External URL
https://gitlab.example.com/username/my-project.git
SKILL.md:62
🔗
Medium · External URL
https://gitlab.example.com/group/project
SKILL.md:85
🔗
Medium · External URL
https://oauth2:TOKEN@host/project.git
SKILL.md:92
🔗
Medium · External URL
https://gitlab.example.com/group/project-name
SKILL.md:116
🔗
Medium · External URL
https://git.littaro.cn
scripts/fetch_repos.py:8
🔗
Medium · External URL
https://host/group/project
scripts/gitlab_api.py:112

Directory structure

6 files · 42.5 KB · 1177 lines
Python 3f · 794L Markdown 1f · 326L JSON 2f · 57L
├─ 📁 evals
│ └─ 📋 evals.json JSON 53L · 2.3 KB
├─ 📁 scripts
│ ├─ 🔑 config.json JSON 4L · 56 B
│ ├─ 🐍 fetch_repos.py Python 33L · 924 B
│ ├─ 🐍 gitlab_api.py Python 698L · 25.7 KB
│ └─ 🐍 list_repos.py Python 63L · 1.8 KB
└─ 📝 SKILL.md Markdown 326L · 11.7 KB

Security highlights

✓ gitlab_api.py uses config.json for credentials (proper credential handling)
✓ list_repos.py reads credentials from config.json only
✓ SKILL.md documents proper config.json usage for user credentials
✓ Skill functionality (GitLab operations) is legitimate and documented