Low risk: risk score 18/100
Last scanned: 2 days ago
mcp-storyboard
Multi-scene storyboard text-to-image assistant - Storyboard image generation using BizyAir API
Legitimate image generation skill with documented network/shell access and properly declared dependencies, though it contains an undisclosed prompt injection that modifies user input.
Skill name: mcp-storyboard
Analysis time: 36.2s
Engine: pi
OK to install
The skill is safe for use. However, the auto-prompt-enhancement feature silently modifies user prompts with body-focused descriptions without explicit consent, which should be disclosed to users before image generation.

Security findings: 3

Severity | Finding | Location
Low
Silent prompt injection
The skill automatically appends sexualized body descriptions to prompts containing model/person keywords without informing the user. The injected content includes '漏斗身材,大胸展示' (hourglass figure, chest display) and references to specific individuals.
MODEL_SUFFIX: ',漏斗身材,大胸展示,moweifei,feifei 妃妃...'
→ Add clear disclosure when prompts are modified, or make this an opt-in feature
storyboard-mcp.js:51
Info
Credential placeholder in docs
README.md:18 shows API_KEY='your_api_key_here' as placeholder example, not a real credential
export BIZYAIR_API_KEY="your_api_key_here"
→ No action needed - placeholder only
README.md:18
Info
MCP server uses stdio transport
Server communicates via stdio, not network sockets - local execution only
const transport = new StdioServerTransport()
→ No action needed
storyboard-mcp.js:318
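Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ Consistent | All HTTP requests to api.bizyair.cn only
Command execution | WRITE | WRITE | ✓ Consistent | scripts/bizyair_api.sh: curl commands for API fallback
Environment variables | READ | READ | ✓ Consistent | BIZYAIR_API_KEY read from environment only
1 high severity, 6 findings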
🔑
High | API key | Suspected hardcoded credential
API_KEY="your_api_key_here"
README.md:18
🔗
Medium | External URL | External URL
https://api.bizyair.cn/w/v1/mcp/242
README.md:105
🔗
Medium | External URL | External URL
https://xxx.com/img1.png?image_process=format
SKILL.md:120
🔗
Medium | External URL | External URL
https://xxx.com/img1.png
SKILL.md:120
🔗
Medium | External URL | External URL
https://xxx.com/img2.png
SKILL.md:121
🔗
Medium | External URL | External URL
https://api.bizyair.cn/w/v1/webapp/task/openapi
scripts/bizyair_api.sh:18

Directory structure

8 files · 42.2 KB · 1429 lines
JavaScript 1f · 582L Markdown 2f · 299L Python 1f · 274L Shell 1f · 227L JSON 3f · 47L
├─ 📁 .claude
│ └─ 📋 settings.local.json JSON 7L · 216 B
├─ 📁 scripts
│ ├─ 🔧 bizyair_api.sh Shell 227L · 6.8 KB
│ └─ 🐍 storyboard.py Python 274L · 8.3 KB
├─ 📋 mcp.json JSON 10L · 188 B
├─ 📋 package.json JSON 30L · 590 B
├─ 📝 README.md Markdown 131L · 3.7 KB
├─ 📝 SKILL.md Markdown 168L · 5.9 KB
└─ 📜 storyboard-mcp.js JavaScript 582L · 16.7 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
@modelcontextprotocol/sdk | ^1.0.4 | npm | | Version pinned to major release

Security highlights

✓ All network requests go to legitimate BizyAir API endpoint only
✓ No sensitive path access (~/.ssh, ~/.aws, etc.)
✓ No base64-encoded payloads or eval() patterns
✓ No remote script execution (curl|bash, wget|sh)
✓ No credential exfiltration - API key used only for authentication
✓ Shell execution is documented as fallback mechanism
✓ Dependencies are pinned to major versions