cms-find-skills Security Report — Low Risk | ClawSafe

20 /100

cms-find-skills

CMS Skill discovery tool that browses and searches skills via get-skills API, then downloads and installs ZIP packages to local workspace

This is a legitimate skill discovery and installation tool with well-documented behavior; minor security concerns exist (SSL verification disabled) but no malicious patterns detected.

Skill Namecms-find-skills

Duration37.7s

Enginepi

✓

Safe to install

Consider pinning the requests library version and enabling SSL verification if possible; otherwise safe to use for its stated purpose.

Findings 3 items

Severity	Finding	Location
Low	SSL verification disabled on HTTPS requests Both get_skills.py and install_skill.py use requests with verify=False, disabling SSL certificate validation. This allows man-in-the-middle attacks to intercept API credentials or inject malicious content into downloaded ZIPs. `requests.post(API_URL, headers=headers, verify=False, timeout=60, allow_redirects=True)` → Set verify=True or point to a custom CA bundle. Only disable if working with internal self-signed certs.	`scripts/skill_registry/get_skills.py:50`
Low	requests library version not pinned requirements.txt is not present; dependency versions are not pinned, which could lead to supply chain issues if a vulnerable version is used. `import requests` → Add a requirements.txt or pyproject.toml with pinned versions.	`scripts/skill_registry/get_skills.py:1`
Info	Redirect following enabled allow_redirects=True is set on API and download requests. Combined with verify=False, this increases MITM attack surface. `requests.get(url, stream=True, verify=False, timeout=120, allow_redirects=True)` → Ensure the target domains are trusted; consider validating redirect destinations.	`scripts/skill_registry/install_skill.py:89`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	API calls to skills.mediportal.com.cn in get_skills.py and install_skill.py
Filesystem	`WRITE`	`WRITE`	✓ Aligned	Downloads ZIP and extracts to local disk in install_skill.py:download_file, extr…
Shell	`WRITE`	`WRITE`	✓ Aligned	CLI scripts executed via python3; documented in SKILL.md

3 findings

🔗

Medium External URL 外部 URL

https://skills.mediportal.com.cn/api/skill/list

openapi/skill-registry/get-skills.md:1

🔗

Medium External URL 外部 URL

https://filegpt-hn.file.mediportal.com.cn/cwork_skill/cms-auth-skills_1.0.zip

openapi/skill-registry/get-skills.md:31

🔗

Medium External URL 外部 URL

https://skills.mediportal.com.cn

scripts/skill_registry/get_skills.py:21

File Tree

4 files · 19.2 KB · 557 lines

Python 2f · 467L Markdown 2f · 90L

├─ ▾ 📁 openapi

│ └─ ▾ 📁 skill-registry

│ └─ 📝 get-skills.md Markdown 49L · 1.3 KB

├─ ▾ 📁 scripts

│ └─ ▾ 📁 skill_registry

│ ├─ 🐍 get_skills.py Python 212L · 6.9 KB

│ └─ 🐍 install_skill.py Python 255L · 9.4 KB

└─ 📝 SKILL.md Markdown 41L · 1.6 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned; no requirements.txt present

Security Positives

✓ No credential harvesting: Scripts do not access ~/.ssh, ~/.aws, .env, or similar sensitive paths

✓ Path traversal protection: ZIP extraction has thorough validation via _normalize_zip_member and _safe_extract

✓ ZIP content validation: Extracts verify SKILL.md presence before completing installation

✓ Clear documentation: SKILL.md clearly declares all capabilities, network targets, and behavior

✓ No hidden functionality: All behavior matches documentation; no base64 payloads, eval(), or obfuscated code

✓ No remote shell execution: No curl|bash, wget|sh, or subprocess calls to unknown binaries

✓ Skill discovery is read-only: get_skills.py only queries a public API and displays results

✓ Install scope is controlled: Extraction targets are validated to stay within destination directory

Scan Report

Findings 3 items

File Tree

Dependencies 1 items

Security Positives