Security Decision Report

imap-idle-sneder

The skill performs legitimate IMAP email monitoring but contains hardcoded credentials and undeclared network access to the IMAP server and the Feishu API.

Install decision first · Source: manual upload · Scan time: 2026/4/5
Files 2
IOCs 3
Undeclared capabilities 3
Findings 5
Most direct threat evidence
High · Credential theft
Hardcoded email credentials in source code

The QQ email authorization code is stored as the string literal PASSWORD = '******' in imap_idle.py line 37. If the repo is public or shared, the credential is exposed.

scripts/imap_idle.py:37

Why this conclusion was reached

2/4 dimensions triggered
Block
Declared vs actual capabilities

Found 3 capabilities or out-of-scope behaviors beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 3 general-risk artifacts; they need context to judge.

Block
Attack chain and high-risk findings

The report contains a 0-step attack chain plus 2 high or critical findings.

Review
Dependencies and supply-chain hygiene

Found 2 dependency or supply-chain leads that need attention.

How the risk score was raised

Undeclared network access +15

SKILL.md declares no network access but script connects to IMAP server and Feishu API

Hardcoded credentials in source code +15

Email password, Feishu APP_ID, APP_SECRET, and USER_ID stored as string literals

Email content exfiltration to third-party +10

Full email content (body, subject, sender) is sent to Feishu; this is not declared in the core functionality docs

No dependency version pinning +5

imap-tools and beautifulsoup4 used without version constraints

Key evidence

High · Credential theft

Hardcoded email credentials in source code

The QQ email authorization code is stored as the string literal PASSWORD = '******' in imap_idle.py line 37. If the repo is public or shared, the credential is exposed.

scripts/imap_idle.py:37
Move credentials to environment variables or a separate .env file that is .gitignored
High · Credential theft

Hardcoded Feishu API credentials

Feishu APP_ID, APP_SECRET, and USER_ID stored as string literals in source code (lines 127-129), exposing integration credentials.

scripts/imap_idle.py:127
Load from environment variables: os.environ.get('FEISHU_APP_ID')
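
As an added example (not code from the imap-idle skill or from the scanner), the pattern the two credential findings above ask for: credentials read from the environment or a gitignored .env file, a fail-fast check for missing values, a repr that never prints secrets, and an AST check that flags PASSWORD = '...' style literals before they are committed. The variable names IMAP_USER, IMAP_PASSWORD, FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_USER_ID, and the sample .env and source text, are assumptions constructed for the example.

```python
"""Added example: environment-based credential loading for an IMAP-to-Feishu
notifier. Not the imap-idle skill's own code; the variable names below are
assumptions chosen for the example."""
import ast
import os
import re
from dataclasses import dataclass

REQUIRED = ("IMAP_USER", "IMAP_PASSWORD", "FEISHU_APP_ID",
            "FEISHU_APP_SECRET", "FEISHU_USER_ID")
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)", re.I)


@dataclass(frozen=True, repr=False)
class Config:
    imap_user: str
    imap_password: str
    feishu_app_id: str
    feishu_app_secret: str
    feishu_user_id: str

    def __repr__(self) -> str:
        # Secrets never reach a log line through repr()/str().
        return (f"Config(imap_user={self.imap_user!r}, "
                f"feishu_app_id={self.feishu_app_id!r}, <secrets redacted>)")


def parse_dotenv(text: str) -> dict:
    """Minimal .env parser: KEY=VALUE per line, '#' comments, optional quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def load_config(env=None) -> Config:
    """Build Config from a mapping (default os.environ); fail fast when a
    required variable is missing or empty instead of falling back to a literal."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("missing required environment variables: "
                           + ", ".join(missing))
    return Config(*(env[name] for name in REQUIRED))


def redact(text: str, cfg: Config) -> str:
    """Replace any occurrence of a secret value in text before it is logged."""
    for secret in (cfg.imap_password, cfg.feishu_app_secret):
        text = text.replace(secret, "[REDACTED]")
    return text


def find_literal_secrets(source: str) -> list:
    """Pre-commit style check: (line, name) for assignments such as
    PASSWORD = 'literal', so hardcoded credentials fail review before push."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    hits.append((node.lineno, target.id))
    return hits


# Constructed sample inputs (not real credentials and not the skill's source).
SAMPLE_DOTENV = """# .env -- keep this file in .gitignore
IMAP_USER=someone@example.com
IMAP_PASSWORD='example-auth-code'
FEISHU_APP_ID=cli_example
FEISHU_APP_SECRET="example-app-secret"
FEISHU_USER_ID=ou_example
"""
SAMPLE_SOURCE = """
USER = 'someone@example.com'
PASSWORD = 'example-auth-code'
APP_ID = 'cli_example'
APP_SECRET = 'example-app-secret'
"""

if __name__ == "__main__":
    cfg = load_config(parse_dotenv(SAMPLE_DOTENV))
    print(cfg)
    print(redact("IMAP login with example-auth-code", cfg))
    print(find_literal_secrets(SAMPLE_SOURCE))
```

The redact() step matters as much as the loading: a script that reads its password from the environment but then logs the IMAP login string has only moved the leak from the repository to the log file.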
Medium · Misleading documentation

Undeclared network access

SKILL.md declares 'NONE' permissions but the script makes HTTP requests to open.feishu.cn and connects to imap.qq.com:993. Network access is critical to functionality but not documented.

SKILL.md:1
Update SKILL.md to declare network:WRITE for IMAP and Feishu API access
Medium · Data exfiltration

Email content sent to third-party service

The full email body (up to 500 chars), subject, sender name and sender address are forwarded to the Feishu API. This forwarding is mentioned in the docs, but the credential-theft aspect (the Feishu credentials used to send it are hardcoded) is concerning.

scripts/imap_idle.py:180
Document what data is sent externally. Consider if all email fields need to be transmitted.
Low · Supply chain

Dependencies without version pinning

imap-tools and beautifulsoup4 are used without version constraints, which could lead to unexpected behavior if a new release changes behavior.

scripts/imap_idle.py:26
Pin versions with exact specifiers (e.g. imap-tools==0.45.0, beautifulsoup4==4.9.0); a '>=' specifier such as imap-tools>=0.45.0 only sets a lower bound and does not pin.

Declared vs actual capabilities

Capability          Verdict   Declared   Inferred   Evidence
Network access      Block     NONE       WRITE      scripts/imap_idle.py:136,198
Filesystem          Block     NONE       WRITE      scripts/imap_idle.py:52-53 writes to workspace and log files
Environment vars    Block     NONE       READ       Credentials should be env-based but are hardcoded
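
How a declared-vs-actual check like the table above (and the undeclared network access finding) can be implemented, as an added example that is not the scanner's own code: declared levels are parsed from SKILL.md, actual capabilities are inferred from the script's AST, and every capability whose inferred level exceeds the declared one becomes a Block row. The SKILL.md syntax (network: NONE, filesystem: NONE, env: NONE under a permissions: block), the module and call lists, and both sample inputs are assumptions constructed for the example.

```python
"""Added example of a declared-vs-actual capability check (not the scanner's
code). Assumed SKILL.md syntax: 'network: NONE' style lines; the module and
call lists are a starting set, not a complete catalogue."""
import ast
import re

NETWORK_MODULES = {"socket", "imaplib", "urllib", "http", "requests", "imap_tools"}
NETWORK_CALLS = {"IMAP4", "IMAP4_SSL", "urlopen", "MailBox",
                 "HTTPConnection", "HTTPSConnection", "create_connection"}
URL_RE = re.compile(r"^(https?|imaps?)://", re.I)
LEVELS = {"NONE": 0, "READ": 1, "WRITE": 2}


def declared_permissions(skill_md: str) -> dict:
    """Parse '<capability>: <LEVEL>' lines from SKILL.md into {cap: LEVEL}."""
    perms = {}
    for line in skill_md.splitlines():
        m = re.match(r"^\s*(network|filesystem|env):\s*(NONE|READ|WRITE)\s*$", line, re.I)
        if m:
            perms[m.group(1).lower()] = m.group(2).upper()
    return perms


def _call_name(call: ast.Call) -> str:
    fn = call.func
    return fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", "")


def inferred_capabilities(source: str) -> dict:
    """Collect (lineno, level, evidence) per capability from the AST. Any
    network use is WRITE (a connection sends data); open() with w/a/x/+ is
    filesystem WRITE, otherwise READ; os.environ / os.getenv is env READ."""
    caps = {"network": [], "filesystem": [], "env": []}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES:
                    caps["network"].append((node.lineno, "WRITE", f"import {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in NETWORK_MODULES:
                caps["network"].append((node.lineno, "WRITE", f"from {node.module} import"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and URL_RE.match(node.value):
            caps["network"].append((node.lineno, "WRITE", node.value))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in NETWORK_CALLS:
                caps["network"].append((node.lineno, "WRITE", f"{name}()"))
            elif name == "open":
                mode = "r"
                if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                    mode = str(node.args[1].value)
                for kw in node.keywords:
                    if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                        mode = str(kw.value.value)
                level = "WRITE" if any(c in mode for c in "wax+") else "READ"
                caps["filesystem"].append((node.lineno, level, f"open(mode={mode!r})"))
        elif (isinstance(node, ast.Attribute) and node.attr in ("environ", "getenv")
              and isinstance(node.value, ast.Name) and node.value.id == "os"):
            caps["env"].append((node.lineno, "READ", f"os.{node.attr}"))
    return caps


def compare(declared: dict, inferred: dict) -> list:
    """(cap, declared, inferred, evidence) wherever inferred exceeds declared;
    an undeclared capability defaults to NONE, as the report's rows assume."""
    gaps = []
    for cap, evidence in inferred.items():
        if not evidence:
            continue
        level = max((e[1] for e in evidence), key=LEVELS.__getitem__)
        declared_level = declared.get(cap, "NONE")
        if LEVELS[level] > LEVELS[declared_level]:
            gaps.append((cap, declared_level, level, evidence))
    return gaps


# Constructed samples: a SKILL.md that declares nothing and a script that
# does network, filesystem and environment access anyway.
SAMPLE_SKILL_MD = """# notifier (constructed sample)
permissions:
  network: NONE
  filesystem: NONE
  env: NONE
"""
SAMPLE_SOURCE = '''
import os
import imaplib
from urllib.request import urlopen

TOKEN_URL = "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal"
PASSWORD = os.environ.get("IMAP_PASSWORD", "")

def run():
    box = imaplib.IMAP4_SSL("imap.qq.com", 993)
    with open("notify.log", "a") as log:
        log.write("started")
    urlopen(TOKEN_URL)
'''

if __name__ == "__main__":
    gaps = compare(declared_permissions(SAMPLE_SKILL_MD), inferred_capabilities(SAMPLE_SOURCE))
    for cap, declared, inferred, evidence in gaps:
        print(f"{cap}: declared {declared}, inferred {inferred}, evidence {evidence}")
```

A static pass like this is evidence, not proof: a hostname passed as a plain string ("imap.qq.com" above) is only caught through the IMAP4_SSL call that consumes it, and dynamic imports or string building can hide a connection entirely, which is why the report pairs this dimension with a separate outbound-connection artifact scan.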

Suspicious artifacts and outbound connections

Medium · External URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

scripts/imap_idle.py:136

Medium · External URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id

scripts/imap_idle.py:198

Info · Email address
[email protected]

scripts/imap_idle.py:36

Dependencies and supply chain

Package          Version   Source   Vulnerabilities   Notes
imap-tools       *         pip      -                 Version not pinned
beautifulsoup4   *         pip      -                 Version not pinned, used for HTML parsing
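
A check for the supply-chain row above, added here as an example and not the scanner's code: it classifies each requirement as unpinned (no specifier or '*'), range ('>=4.9.0' and similar, which only bound the version), pinned ('==X.Y.Z'), or pinned+hashed ('==X.Y.Z --hash=...'), so a policy of exact pins can be enforced in CI. The requirements text is a constructed sample; its hash value is a placeholder, not a real digest.

```python
"""Added example: a requirements pin check (not the scanner's own code).
Statuses: unpinned, range (a floor such as '>=4.9.0' is not a pin),
pinned ('==X.Y.Z') and pinned+hashed ('==X.Y.Z --hash=...')."""
import re

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
EXACT_RE = re.compile(r"^==\d+(\.\d+)*([A-Za-z0-9.+!-]*)$")


def _logical_lines(text: str):
    """Join backslash-continued lines (pip-compile writes hashes this way)."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf


def check_requirements(text: str) -> list:
    """Return (name, specifier, status) for each requirement line."""
    results = []
    for logical in _logical_lines(text):
        line = logical.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # skip -r / --index-url options
            continue
        hashed = "--hash=" in line
        line = line.split("--hash=", 1)[0].strip()
        m = NAME_RE.match(line)
        if not m:
            results.append((line, "", "unparsed"))
            continue
        name, spec = m.group(1), m.group(2).replace(" ", "")
        if spec in ("", "*"):
            status = "unpinned"
        elif EXACT_RE.match(spec) and "*" not in spec:
            status = "pinned+hashed" if hashed else "pinned"
        else:
            status = "range"        # >=, ~=, <, ==1.2.* and combinations
        results.append((name, spec, status))
    return results


def unpinned_names(text: str) -> list:
    """Names that a policy of 'exact pins only' would reject."""
    return [name for name, _, status in check_requirements(text)
            if status not in ("pinned", "pinned+hashed")]


# Constructed sample; the sha256 value is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """# constructed sample, not the skill's requirements
imap-tools
beautifulsoup4>=4.9.0
requests==2.31.0
lxml==4.9.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for row in check_requirements(SAMPLE_REQUIREMENTS):
        print(row)
    print("reject:", unpinned_names(SAMPLE_REQUIREMENTS))
```

An exact pin stops a new release from changing behavior; the hash additionally stops a re-published artifact under the same version from being installed, which is the stronger supply-chain control.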

File composition

2 files · 485 lines
Python 1 file · 407 lines
Markdown 1 file · 78 lines
Files of concern · 2
scripts/imap_idle.py Python · 407 lines
Hardcoded email credentials in source code · Hardcoded Feishu API credentials · Email content sent to third-party service · Dependencies without version pinning · https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal · https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id · [email protected]
SKILL.md Markdown · 78 lines
Undeclared network access

Security highlights

Script functionality is legitimate: an email notification service
No reverse shell, C2 communication, or obvious malicious code
No base64 encoding or obfuscation detected
No attempts to access ~/.ssh, ~/.aws, or other credential paths
Uses standard libraries (imaplib, urllib) rather than suspicious tools