Security Decision Report

fund-daily

Skill performs multiple undeclared network requests and subprocess execution, with hardcoded credentials exposed in source code.

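Install decision first · Source: manual upload · Scan time: 2026/4/5
Files 4
IOC 4
Privilege overreach items 4
Findings 5
Most direct threat evidence

Why this conclusion was reached

1 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 4 capabilities or privilege-overreach behaviors beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 4 general-risk artifacts; these need to be judged in context.

Pass
Attack chain and high-severity findings

No clear malicious path was formed.

Review
Dependency and supply-chain hygiene

Found 2 dependency or supply-chain leads that need attention.

How the risk score was raised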

Undeclared network access +20

Makes HTTP requests to fund APIs and Telegram API without declaring network:READ/WRITE in capabilities

Undeclared subprocess execution +15

Uses subprocess.run() to invoke news-market script without documentation

Hardcoded credentials +10

Telegram bot token and chat ID exposed in source code (lines 85-86)

Undeclared filesystem write +10

Writes Word documents to D:\System\Desktop\基金日报 without declaring filesystem:WRITE

Unpinned dependencies +5

requirements.txt has no version pins, risking supply chain issues

Key evidence

Medium · Documentation deception

Undeclared network API access

SKILL.md declares no network permissions but the script makes HTTP GET requests to multiple external APIs (天天基金网, Telegram) to fetch fund data and send messages.

fund_daily.py:155
Declare network:READ for API data fetching and network:WRITE for Telegram notifications in SKILL.md
Medium · Documentation deception

Undeclared subprocess execution

Script uses subprocess.run() to execute a local Python script for news aggregation without documenting this behavior. The target path is hardcoded to a specific Windows user directory.

fund_daily.py:157
Document shell:WRITE permission and the dependency on news-market skill
Medium · Credential theft

Hardcoded Telegram credentials

Telegram bot token and chat ID are hardcoded directly in the source code. This exposes sensitive credentials and violates secure coding practices.

fund_daily.py:85
Move credentials to environment variables: os.environ.get('TELEGRAM_BOT_TOKEN')
Low · Documentation deception

Undeclared filesystem write operation

Script writes Word documents to D:\System\Desktop\基金日报 without declaring filesystem:WRITE permission in SKILL.md.

fund_daily.py:340
Declare filesystem:WRITE permission for Word document generation
Low · Supply chain

Unpinned Python dependencies

requirements.txt specifies 'requests' and 'python-docx' without version constraints, potentially allowing malicious replacement if package is typosquatted.

requirements.txt:1
Pin versions: requests>=2.28.0, python-docx>=0.8.11

Declared capabilities vs. actual capabilities

Network access · Block
Declared: NONE
Inferred: READ+WRITE
fund_daily.py:155-163 (HTTP requests to fundgz.1234567.com.cn, api.fund.eastmoney.com, api.telegram.org)
Command execution · Block
Declared: NONE
Inferred: WRITE
fund_daily.py:155-163 (subprocess.run() executes python script)
Filesystem · Block
Declared: NONE
Inferred: WRITE
fund_daily.py:340-348 (creates directories and saves Word documents)
Skill invocation · Block
Declared: NONE
Inferred: READ
fund_daily.py:155 (invokes news-market skill script)

Suspicious artifacts and outbound connections

Medium · External URL
http://fundgz.1234567.com.cn/js/

fund_daily.py:155

Medium · External URL
http://fund.eastmoney.com/

fund_daily.py:158

Medium · External URL
http://api.fund.eastmoney.com/f10/lsjz

fund_daily.py:216

Medium · External URL
https://api.telegram.org/bot

fund_daily.py:309

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
requests | * | pip | | Version not pinned - risk of supply chain attack
python-docx | * | pip | | Version not pinned - risk of supply chain attack

File composition

4 files · 950 lines
Python 1 file · 581 lines; Markdown 2 files · 367 lines; Text 1 file · 2 lines
Files needing attention · 2
fund_daily.py Python · 581 lines
Undeclared network API access · Undeclared subprocess execution · Hardcoded Telegram credentials · Undeclared filesystem write operation · http://fundgz.1234567.com.cn/js/ · http://fund.eastmoney.com/ · http://api.fund.eastmoney.com/f10/lsjz · https://api.telegram.org/bot
requirements.txt Text · 2 lines
Unpinned Python dependencies
Other files · SKILL.md · README.md

Security highlights

No evidence of credential harvesting beyond required Telegram tokens
No base64-encoded or obfuscated code detected
No reverse shell or C2 communication patterns found
No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
No hidden functionality beyond legitimate fund data fetching
Subprocess usage serves documented feature (news aggregation) rather than malicious purpose