中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 40/100
Last scan:21 hr ago Rescan
40 /100
interactive-infographic
AI automation drawing and complex information visualization tool based on ContextWeave
Skill contains hardcoded API key and undeclared data transmission with insufficient documentation about default credential usage.
Skill Nameinteractive-infographic
Duration40.2s
Enginepi
Use with caution
Remove hardcoded fallback API key from source code. Add explicit documentation explaining when and how the default anonymous credential is used versus user-provided credentials.

Findings 3 items

Severity Finding Location
Medium
Hardcoded fallback API key in source code Credential Theft
The file cw_client.cjs contains a hardcoded fallback API key '94a05d02-9ade-4d9d-9f39-88734d9e34b4' which serves as a default anonymous credential when the environment variable is not set. This credential is sent with every request to the backend.
return key || "94a05d02-9ade-4d9d-9f39-88734d9e34b4";
→ Remove hardcoded fallback credentials from source code. If anonymous access is required, implement it server-side without embedding credentials in client code.
 scripts/cw_client.cjs:14
Medium
Insufficient documentation of default credential behavior Doc Mismatch
SKILL.md mentions 'anonymous credential' in the security section but fails to specify that it is a hardcoded key embedded in source code. Users cannot make an informed decision about using this default versus providing their own key.
若未显式设置,将使用内置的默认匿名凭据
→ Add explicit documentation specifying: (1) The exact default key value, (2) When this default is used, (3) Security implications of using anonymous credentials, (4) Why this is acceptable vs credential harvesting.
 SKILL.md:120
Low
Non-obvious allowlisted domain Sensitive Access
The host allowlist includes 'bpjwmsdb.com' which is not clearly related to the ContextWeave service. While the allowlist provides some protection, this domain warrants verification.
const allowlist = ["api.contextweave.site", "contextweave.site", "pptx.chenxitech.site", "bpjwmsdb.com"];
→ Verify bpjwmsdb.com is a legitimate service endpoint. If unrelated, remove from allowlist to reduce attack surface.
 scripts/cw_client.cjs:38
ResourceDeclaredInferredStatusEvidence
Filesystem READ WRITE ✓ Aligned cw_client.cjs:exportCode writes diagram.cw to target path
Network WRITE WRITE ✓ Aligned postJson() makes HTTP POST to allowed hosts
Shell NONE NONE No subprocess or exec calls found
Environment READ READ ✓ Aligned Reads CONTEXTWEAVE_MCP_API_KEY and CONTEXTWEAVE_EDITOR_PROTOCOL
2 findings
🔗
Medium External URL 外部 URL
https://pptx.chenxitech.site
SKILL.md:177
🔗
Medium External URL 外部 URL
https://api.contextweave.site
cwmcp_config.example.json:2

File Tree

9 files · 26.8 KB · 794 lines
JavaScript 6f · 599L Markdown 1f · 180L JSON 2f · 15L
├─ 📁 scripts
│ ├─ 📜 cw_client.cjs JavaScript 268L · 8.8 KB
│ ├─ 📜 edit_contextweave.cjs JavaScript 72L · 1.8 KB
│ ├─ 📜 export_contextweave_code.cjs JavaScript 47L · 1.1 KB
│ ├─ 📜 export_session_asset.cjs JavaScript 74L · 1.9 KB
│ ├─ 📜 generate_contextweave.cjs JavaScript 93L · 2.4 KB
│ └─ 📜 import_contextweave_code.cjs JavaScript 45L · 1.1 KB
├─ 📋 _meta.json JSON 11L · 208 B
├─ 📋 cwmcp_config.example.json JSON 4L · 82 B
└─ 📝 SKILL.md Markdown 180L · 9.3 KB

Security Positives

✓ No shell execution or subprocess calls found - skill uses only Node.js standard library
✓ Path traversal protection implemented with CWD validation and absolute path requirements
✓ Host allowlist restricts network requests to known domains only
✓ No obfuscation techniques (no base64, eval, or encoded strings)
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)
✓ No credential harvesting beyond declared environment variable
✓ Explicit JSON output format reduces prompt injection risk