中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:19 小时前 重新扫描
5 /100
amazon-after-sales-flow
Playwright-based Amazon after-sales automation: open orders, order details, contact flow, and draft/send seller messages with explicit dual-authorization send gate
This is a legitimate Playwright-based Amazon after-sales automation skillpack with proper sandboxing, URL allowlisting, send guards, and no malicious indicators.
技能名称amazon-after-sales-flow
分析耗时54.7s
引擎pi
可以安装
Approve for use. The skill is well-structured with proper security controls including Amazon-only URL allowlisting, dual-authorization send gates, and local-only artifact storage.

安全发现 2 项

严重性 安全发现 位置
低危
Unpinned Playwright dependency 供应链
package.json specifies playwright as ^1.58.2 using a caret range, allowing minor/patch updates. This is a minor supply-chain risk for a well-maintained, reputable package.
"playwright": "^1.58.2"
→ Pin to exact version: "playwright": "1.58.2"
 package.json:7
低危
skill.yaml skill.py uses shell:WRITE but only for node invocation 文档欺骗
All 15 skill.py files are byte-identical (hash a22d97f54a24a2164247a7b8ac0786b84d3294fcbf71ecad019104f752b98dd6) and use subprocess.run(['node', ...]). This is a legitimate wrapper pattern, not arbitrary shell execution, but subprocess usage could be declared in SKILL.md for transparency.
subprocess.run(["node", str(script), input_text or ""], ...)
→ Document the Node.js invocation pattern in SKILL.md safety section
 skills/*/skill.py:6
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 Screenshots/artifacts saved to artifacts/ directory; declared in SKILL.md and sk…
网络访问 READ READ ✓ 一致 Only navigates to amazon.com URLs via strict isTrustedAmazonUrl() allowlist; no …
命令执行 NONE NONE skill.py uses subprocess.run(['node', ...]) to invoke skill.js; skill.js uses Pl…
浏览器 WRITE WRITE ✓ 一致 Full Playwright browser automation (click, type, navigate, screenshot, extract) …
环境变量 NONE NONE No os.environ iteration or credential access observed
技能调用 WRITE WRITE ✓ 一致 Skill orchestration through runSkill() and runFullFlow() entry points
6 项发现
🔗
中危 外部 URL 外部 URL
https://www.amazon.com/your-orders/order-details?orderID=114-1234567-1234567
dist/skills/amazon_contact_flow.json:67
🔗
中危 外部 URL 外部 URL
https://www.amazon.com/gp/help/contact/contact.html
dist/skills/amazon_contact_flow.json:73
🔗
中危 外部 URL 外部 URL
https://www.amazon.com/gp/message?threadId=EXAMPLE
dist/skills/amazon_contact_flow.json:74
🔗
中危 外部 URL 外部 URL
https://www.amazon.com/your-orders/orders?timeFilter=year-2025\u0026ref_=ppx_yo2ov_dt_b_filter_all_y2025
dist/skills/amazon_orders_opener.json:41
🔗
中危 外部 URL 外部 URL
https://www.amazon.com/gp/message?threadId=ABC123
dist/skills/message_monitor.json:53
🔗
中危 外部 URL 外部 URL
https://www.amazon.com
skills/_easybuy_browser_runtime.js:56

目录结构

70 文件 · 141.0 KB · 3698 行
JavaScript 17f · 2222L JSON 20f · 940L Python 15f · 240L Markdown 17f · 239L YAML 1f · 57L
├─ 📁 dist
│ ├─ 📁 playbooks
│ │ ├─ 📋 refund.json JSON 26L · 629 B
│ │ ├─ 📋 replacement.json JSON 26L · 648 B
│ │ └─ 📋 return.json JSON 23L · 548 B
│ └─ 📁 skills
│ ├─ 📋 amazon_contact_flow.json JSON 82L · 5.0 KB
│ ├─ 📋 amazon_order_details_fetcher.json JSON 39L · 2.0 KB
│ ├─ 📋 amazon_orders_opener.json JSON 46L · 2.3 KB
│ ├─ 📋 amazon_orders_scraper.json JSON 55L · 2.8 KB
│ ├─ 📋 amazon_price_checker.json JSON 33L · 1.5 KB
│ ├─ 📋 amazon_product_detector.json JSON 57L · 2.9 KB
│ ├─ 📋 amazon_review_scraper.json JSON 34L · 1.6 KB
│ ├─ 📋 case_exporter.json JSON 36L · 1.9 KB
│ ├─ 📋 evidence_builder.json JSON 56L · 2.9 KB
│ ├─ 📋 form_filler.json JSON 68L · 4.0 KB
│ ├─ 📋 message_drafter.json JSON 76L · 4.5 KB
│ ├─ 📋 message_monitor.json JSON 67L · 3.8 KB
│ ├─ 📋 order_reader.json JSON 57L · 2.8 KB
│ ├─ 📋 price_alert_manager.json JSON 32L · 1.5 KB
│ └─ 📋 registry.json JSON 61L · 2.2 KB
├─ 📁 scripts
│ └─ 📜 validate-skills.mjs JavaScript 231L · 6.0 KB
├─ 📁 skills
│ ├─ 📁 amazon_contact_flow
│ │ ├─ 📝 prompt.md Markdown 7L · 248 B
│ │ ├─ 📜 skill.js JavaScript 17L · 462 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 amazon_order_details_fetcher
│ │ ├─ 📝 prompt.md Markdown 11L · 329 B
│ │ ├─ 📜 skill.js JavaScript 17L · 471 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 amazon_orders_opener
│ │ ├─ 📝 prompt.md Markdown 7L · 250 B
│ │ ├─ 📜 skill.js JavaScript 17L · 463 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 amazon_orders_scraper
│ │ ├─ 📝 prompt.md Markdown 7L · 252 B
│ │ ├─ 📜 skill.js JavaScript 17L · 464 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 amazon_price_checker
│ │ ├─ 📝 prompt.md Markdown 7L · 250 B
│ │ ├─ 📜 skill.js JavaScript 17L · 463 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 amazon_product_detector
│ │ ├─ 📝 prompt.md Markdown 7L · 256 B
│ │ ├─ 📜 skill.js JavaScript 17L · 466 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 amazon_review_scraper
│ │ ├─ 📝 prompt.md Markdown 7L · 252 B
│ │ ├─ 📜 skill.js JavaScript 17L · 464 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 case_exporter
│ │ ├─ 📝 prompt.md Markdown 7L · 236 B
│ │ ├─ 📜 skill.js JavaScript 17L · 456 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 evidence_builder
│ │ ├─ 📝 prompt.md Markdown 7L · 242 B
│ │ ├─ 📜 skill.js JavaScript 17L · 459 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 form_filler
│ │ ├─ 📝 prompt.md Markdown 7L · 232 B
│ │ ├─ 📜 skill.js JavaScript 17L · 454 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 hello
│ │ ├─ 📝 prompt.md Markdown 26L · 883 B
│ │ ├─ 📜 skill.js JavaScript 172L · 4.9 KB
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 message_drafter
│ │ ├─ 📝 prompt.md Markdown 7L · 240 B
│ │ ├─ 📜 skill.js JavaScript 17L · 458 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 message_monitor
│ │ ├─ 📝 prompt.md Markdown 7L · 240 B
│ │ ├─ 📜 skill.js JavaScript 17L · 458 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 order_reader
│ │ ├─ 📝 prompt.md Markdown 7L · 234 B
│ │ ├─ 📜 skill.js JavaScript 17L · 455 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ ├─ 📁 price_alert_manager
│ │ ├─ 📝 prompt.md Markdown 7L · 248 B
│ │ ├─ 📜 skill.js JavaScript 17L · 462 B
│ │ └─ 🐍 skill.py Python 16L · 439 B
│ └─ 📜 _easybuy_browser_runtime.js JavaScript 1581L · 62.6 KB
├─ 📋 package-lock.json JSON 56L · 1.6 KB
├─ 📋 package.json JSON 10L · 162 B
├─ 📝 README.md Markdown 58L · 1.4 KB
├─ 📝 SKILL.md Markdown 53L · 1.5 KB
└─ 📋 skill.yaml YAML 57L · 2.3 KB

依赖分析 1 项

包名版本来源已知漏洞备注
playwright ^1.58.2 npm Caret range allows minor/patch updates; consider pinning to exact version

安全亮点

✓ Strong URL allowlisting: isTrustedAmazonUrl() only permits amazon.com domains
✓ Dual-authorization send gate: requires both auto_send=true AND confirm_send=true to send messages
✓ URL-only free text input blocking: isLikelyUrlInput() prevents direct URL injection
✓ No credential harvesting: no access to ~/.ssh, ~/.aws, .env, or os.environ secrets
✓ No data exfiltration: all artifacts stored locally in artifacts/ directory with no external upload endpoint
✓ No obfuscation: all code is plain JavaScript, no base64, eval, or encoded payloads
✓ No reverse shell or C2: no network requests to external IPs or unknown domains
✓ No persistence mechanisms: no cron jobs, startup scripts, or backdoor installation
✓ Intentional safety removals documented: 'Legacy shell URL opener is removed' in SKILL.md
✓ Explicit send confirmation requirement documented prominently
✓ Browser context uses ephemeral/peristent profile in .browser-profile/ (scoped, local)
✓ DOM extraction is limited to Amazon order/messaging pages via skill definitions