中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 25/100
上次扫描:23 小时前 重新扫描
25 /100
pinchtab
Browser automation via HTTP API. Use for headless browser control, web automation, form filling, data extraction, and interactive element interaction.
Skill is a legitimate browser automation tool backed by a local HTTP API, but contains hardcoded service credentials and vague credential handling in docs.
技能名称pinchtab
分析耗时52.5s
引擎pi
可以安装
Replace hardcoded PinchTab API tokens with environment variable references only. Document credential sourcing clearly in SKILL.md.

安全发现 4 项

严重性 安全发现 位置
中危
Hardcoded PinchTab API tokens in four shell scripts 凭证窃取
scripts/launch_browser.sh, navigate_to_url.sh, click_element.sh, and get_page_snapshot.sh each hardcode the same static Bearer token 'b6a91002205211861a1840bc7d1f55e98757ba635436b5a7' directly in the curl command, instead of referencing the PINCHTAB_TOKEN environment variable. This exposes a service credential in plaintext across multiple files.
TOKEN="b6a91002205211861a1840bc7d1f55e98757ba635436b5a7"
→ Replace hardcoded TOKEN= values with TOKEN="${PINCHTAB_TOKEN:-}" and require PINCHTAB_TOKEN to be exported. This aligns with how screenshot_and_send.sh and decode_screenshot.py handle credentials.
 scripts/launch_browser.sh, scripts/navigate_to_url.sh, scripts/click_element.sh, scripts/get_page_snapshot.sh:6, 6, 6, 5
低危
SKILL.md does not mention hardcoded credentials or credential sourcing 文档欺骗
SKILL.md instructs users to 'export PINCHTAB_TOKEN' but never mentions that the bundled shell scripts contain their own hardcoded token. This creates a discrepancy between documented behavior and actual implementation, where the env var may be ignored in favor of the hardcoded value.
export PINCHTAB_TOKEN="your_token"
→ Add a 'Credentials' section to SKILL.md clarifying that PINCHTAB_TOKEN is a shared service token and how to obtain it. Also note that token overrides in env are respected.
 SKILL.md:1
低危
External data exfiltration via Telegram (acceptable but undocumented risk) 敏感访问
Both screenshot scripts send screenshot binary data (potentially containing sensitive page content) to Telegram's servers via a bot API. While declared in SKILL.md, the implications of sending arbitrary webpage screenshots to a third-party messaging service are not discussed.
https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendPhoto
→ Add a warning in SKILL.md that screenshots are transmitted to Telegram servers and should not be used with sensitive page content unless the Telegram bot is under user control.
 scripts/screenshot_and_send.sh, scripts/decode_screenshot.py:60, 68
提示
base64 -d usage is legitimate (false positive from pre-scan) 代码混淆
The pre-scan flagged 'base64 -d' at line 46 of screenshot_and_send.sh as suspicious obfuscation. In context, it decodes a base64-encoded JPEG screenshot from the PinchTab API response — a necessary step for the core functionality. This is not obfuscation.
echo "$BASE64_DATA" | base64 -d > "$SCREENSHOT_FILE"
→ No action needed; this is expected behavior for the screenshot feature.
 scripts/screenshot_and_send.sh:46
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 All scripts use bash to call curl/POST/GET to localhost:9867
文件系统 READ READ ✓ 一致 Scripts read no files beyond their own code; decode_screenshot.py writes to --ou…
网络访问 READ READ ✓ 一致 Scripts communicate with localhost:9867 (PinchTab) and api.telegram.org — both d…
环境变量 NONE READ ✓ 一致 All scripts read PINCHTAB_TOKEN and TELEGRAM_BOT_TOKEN from environment; this is…
1 严重 3 项发现
🔒
严重 编码执行 Base64 编码执行(代码混淆)
base64 -d
scripts/screenshot_and_send.sh:46
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot
scripts/decode_screenshot.py:68
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot$
scripts/screenshot_and_send.sh:60

目录结构

10 文件 · 11.6 KB · 420 行
Markdown 4f · 171L Shell 5f · 125L Python 1f · 124L
├─ 📁 references
│ ├─ 📝 api-endpoints.md Markdown 56L · 736 B
│ ├─ 📝 common-workflows.md Markdown 19L · 594 B
│ └─ 📝 troubleshooting.md Markdown 19L · 518 B
├─ 📁 scripts
│ ├─ 🔧 click_element.sh Shell 15L · 353 B
│ ├─ 🐍 decode_screenshot.py Python 124L · 4.0 KB
│ ├─ 🔧 get_page_snapshot.sh Shell 6L · 167 B
│ ├─ 🔧 launch_browser.sh Shell 6L · 166 B
│ ├─ 🔧 navigate_to_url.sh Shell 15L · 332 B
│ └─ 🔧 screenshot_and_send.sh Shell 83L · 2.6 KB
└─ 📝 SKILL.md Markdown 77L · 2.3 KB

依赖分析 1 项

包名版本来源已知漏洞备注
requests unpinned pip (imported in decode_screenshot.py) requests is not pinned to a specific version in any requirements.txt — latest could introduce breaking changes

安全亮点

✓ No reverse shell, C2, or data-theft behavior observed
✓ SKILL.md accurately describes the skill's purpose as browser automation via HTTP API
✓ Base64 decoding is legitimate image processing, not code obfuscation
✓ No credential exfiltration to attacker-controlled servers
✓ Telegram sending is opt-in and requires explicit chat_id argument
✓ decode_screenshot.py properly uses requests.Session-like patterns with error handling
✓ All shell scripts use set -e for safe exit on errors
✓ No eval(), os.system with user input, or other RCE primitives found
✓ No attempts to access ~/.ssh, ~/.aws, .env, or other sensitive host paths
✓ No cron, systemd, or persistence mechanisms installed