中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:2 天前 重新扫描
20 /100
gitlab
GitLab operations including creating and cloning repositories, listing projects, managing issues, merge requests, branches, commits, and pipelines
Legitimate GitLab CLI wrapper with minor documentation gaps: shell:WRITE via subprocess not explicitly declared, SSL bypass documented, but no malicious behavior detected.
技能名称gitlab
分析耗时65.2s
引擎pi
可以安装
Consider updating SKILL.md to explicitly declare shell:WRITE capability for git clone and curl operations, and add security notes about --insecure flag usage in production.

安全发现 3 项

严重性 安全发现 位置
中危
Shell execution not declared in SKILL.md 文档欺骗
SKILL.md declares network:READ capability but code uses subprocess.run() to execute git clone and curl commands, requiring shell:WRITE. The 'git operations' mentioned in clone workflow implicitly require shell access.
subprocess.run(['git', 'clone', clone_url, str(target_dir)], ...)
→ Update SKILL.md to declare shell:WRITE for git and curl operations
 scripts/gitlab_api.py:140
低危
SSL verification bypass flag 权限提升
The --insecure flag uses ssl._create_unverified_context() and curl -k, bypassing SSL certificate verification. This is useful for internal GitLab with self-signed certs but could enable MITM attacks if misused.
self.ssl_context = ssl._create_unverified_context()
→ Add prominent warning in SKILL.md that --insecure should not be used in production over untrusted networks
 scripts/gitlab_api.py:46
提示
All resources declared as NONE 文档欺骗
SKILL.md shows all resources as NONE in capability matrix but code uses filesystem:READ for config files and shell:WRITE for git operations
Capability model declares all NONE
→ Update capability matrix to reflect actual resource usage
 SKILL.md:1
资源类型声明权限推断权限状态证据
网络访问 READ READ ✓ 一致 Scripts make HTTPS requests to GitLab API endpoints
命令执行 NONE WRITE ✗ 越权 gitlab_api.py:140-148 (git clone), gitlab_api.py:159-174 (_make_request_curl), f…
文件系统 NONE READ ✗ 越权 credential_loader.py reads ~/.claude/gitlab_config.json and scripts/config.json
9 项发现
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com
SKILL.md:19
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com/username/my-project
SKILL.md:236
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com/username/my-project.git
SKILL.md:237
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com/group/project
SKILL.md:260
🔗
中危 外部 URL 外部 URL
https://oauth2:TOKEN@host/project.git
SKILL.md:267
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com/group/project-name
SKILL.md:291
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com/user/settings/tokens
scripts/config.json:3
🔗
中危 外部 URL 外部 URL
https://gitlab.example.com\
scripts/credential_loader.py:265
🔗
中危 外部 URL 外部 URL
https://host/group/project
scripts/gitlab_api.py:130

目录结构

8 文件 · 66.8 KB · 1921 行
Python 4f · 1354L Markdown 1f · 501L JSON 3f · 66L
├─ 📁 evals
│ └─ 📋 evals.json JSON 53L · 2.3 KB
├─ 📁 scripts
│ ├─ 📋 config.example.json JSON 6L · 227 B
│ ├─ 🔑 config.json JSON 7L · 336 B
│ ├─ 🔑 credential_loader.py Python 351L · 11.3 KB
│ ├─ 🐍 fetch_repos.py Python 92L · 2.6 KB
│ ├─ 🐍 gitlab_api.py Python 840L · 31.2 KB
│ └─ 🐍 list_repos.py Python 71L · 2.2 KB
└─ 📝 SKILL.md Markdown 501L · 16.6 KB

依赖分析 1 项

包名版本来源已知漏洞备注
stdlib Built-in Python standard library Uses urllib, ssl, subprocess, json - all standard library

安全亮点

✓ No credential theft or exfiltration - tokens used only for GitLab API authentication
✓ No obfuscation techniques (base64, eval, etc.) detected
✓ Credential loader validates tokens and filters placeholders
✓ User config files created with restrictive 0o600 permissions
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No reverse shell, C2 communication, or data theft patterns
✓ Network requests limited to configured GitLab host only
✓ Clean, readable code with no suspicious patterns