Security Decision Report

income-lab

Hardcoded API key found in payment.py poses critical credential exposure risk. The skill implements legitimate billing integration but fails to follow secure credential management practices.

Install decision first Source: manual upload Scan time: 2026/4/3
Files 8
IOC 2
Privilege overreach items 0
Findings 4
Most direct threat evidence
Critical
Hardcoded API Key Exposed in Source Code

A valid API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded as plaintext in payment.py:12. This key grants access to the SkillPay billing API and could be extracted by anyone with read access to the repository.

payment.py:12

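Why this conclusion was reached

2/4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are largely consistent.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound connection signal.

Block
Attack chain and high-risk findings

The report contains a 0-step attack chain, plus 2 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

Found 4 dependency or supply-chain indicators that need attention.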

How the risk score was raised

Hardcoded API key in source +45

Line 12 of payment.py contains plaintext API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2'

Environment variable mismatch +15

_meta.json declares SKILLPAY_API_KEY env var but code uses hardcoded value instead

Key evidence

Critical

Hardcoded API Key Exposed in Source Code

A valid API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded as plaintext in payment.py:12. This key grants access to the SkillPay billing API and could be extracted by anyone with read access to the repository.

payment.py:12
Replace hardcoded key with os.environ.get('SKILLPAY_API_KEY', '') and provide the actual key via environment variable at runtime.
High

Inconsistent Credential Management

The _meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required environment variables, but the code ignores these and uses a hardcoded value. This creates confusion and bypasses intended credential management.

payment.py:16
Make payment.py read BILLING_API_KEY from environment variable as intended by the metadata configuration.
Medium

No Version Pinning in Dependencies

requirements.txt specifies dependencies with lower-bound constraints only, not pinned versions (pandas>=2.0.0, numpy>=1.24.0, etc.). This allows potentially vulnerable versions to be installed.

requirements.txt:1
Pin exact versions of all dependencies to ensure reproducible builds and prevent supply chain attacks.
Low

Data Directory in User Home

Scripts store experiment data in ~/.income-lab directory. While declared in documentation, this creates files outside a sandboxed scope.

scripts/experiment_tracker.py:19
Consider using a more sandboxed location like XDG_DATA_HOME or a project-local directory.

Declared vs. actual capabilities

Filesystem Pass
Declared READ,WRITE
Inferred READ,WRITE
SKILL.md declares experiment_tracker.py; ~/.income-lab usage confirmed in scripts
Network access Pass
Declared READ
Inferred READ
SKILL.md mentions billing system; payment.py makes requests to skillpay.me
Command execution Pass
Declared NONE
Inferred NONE
No subprocess or os.system calls in any script
Environment variables Pass
Declared READ
Inferred READ
payment.py reads SKILLPAY_USER_ID from os.environ
Skill invocation Pass
Declared NONE
Inferred NONE
No skill invocation patterns found

Suspicious artifacts and outbound connections

High API key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

Medium External URL
https://skillpay.me

payment.py:11

Dependencies and supply chain

Package Version Source Vulnerabilities Notes
pandas >=2.0.0 pip Version not pinned
numpy >=1.24.0 pip Version not pinned
matplotlib >=3.7.0 pip Version not pinned
python-dateutil >=2.8.0 pip Version not pinned

File composition

8 files · 1286 lines
Markdown 3 files · 632 lines
Python 3 files · 626 lines
JSON 1 file · 19 lines
Text 1 file · 9 lines
Files needing attention · 3
scripts/experiment_tracker.py Python · 287 lines
Data Directory in User Home
payment.py Python · 142 lines
Hardcoded API Key Exposed in Source Code · Inconsistent Credential Management · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
requirements.txt Text · 9 lines
No Version Pinning in Dependencies
Other files · weekly_reporter.py · SKILL.md · income-methods.md · retrospective-framework.md · _meta.json

Security highlights

No shell execution vulnerabilities - no subprocess, os.system, or eval calls found
No credential exfiltration - network requests only go to documented billing endpoint
No suspicious base64 encoding or obfuscation
No access to sensitive system paths like ~/.ssh, ~/.aws, or .env files
No hidden functionality in HTML comments or other stealth channels
No curl|bash or wget|sh remote script execution patterns
Legitimate billing integration properly documented in SKILL.md
Experiment tracking functionality matches declared capabilities