Low Risk — Risk Score 20/100
Last scan: 2 days ago
bp-monthly-report-skill
Use when drafting a monthly BP report from a fixed template, BP period and node identifiers, and real BP or progress-report evidence. This skill enforces a staged workflow: normalize the template, map BP anchors, collect evidence, build fine-grained cards, then draft the report in a fixed section order.
This is a legitimate BP monthly report generation skill with undeclared script execution capabilities. The scripts perform business-critical API calls to an internal company BP system and generate structured report artifacts. No malicious behavior detected, but the gap between documented and actual capabilities warrants concern.
Skill Name: bp-monthly-report-skill
Duration: 53.5s
Engine: pi
Safe to install
Declare all script capabilities (network:READ via internal API calls, filesystem:WRITE for artifact generation, shell:WRITE for YAML parsing) explicitly in SKILL.md. Document that Python scripts under scripts/ handle the heavy lifting. Pin the requests library version. Hardcode the internal API base URL as a constant rather than repeating it across scripts.

Findings 4 items

Severity Finding Location
Medium
Doc-to-code capability mismatch
SKILL.md describes the skill as a workflow guide for generating BP monthly reports. However, the actual functionality is implemented in Python scripts under scripts/ that perform network API calls, file writes, and subprocess invocations. SKILL.md does not mention any of these capabilities, allowed-tools, or the existence of the scripts.
SKILL.md describes only the workflow and prompt instructions; no mention of Python scripts, subprocess, or HTTP API calls
→ Add an 'Allowed Tools' or 'Implementation Details' section to SKILL.md declaring: filesystem:WRITE (for artifact generation), network:READ (for internal BP API), shell:WRITE (for YAML parsing via Ruby), skill_invoke (for calling helper scripts)
SKILL.md:1
Medium
Hardcoded internal API base URL repeated across scripts
The internal API base URL 'https://sg-al-cwork-web.mediportal.com.cn/open-api' is hardcoded as a string constant in multiple scripts (collect_bp_month_evidence.py, dump_bp_anchor_map.py, generate_scheme_v2_monthly_reports.py) rather than being centralized. This creates maintenance risk and the URL is visible in code as an IOC.
BASE_URL = "https://sg-al-cwork-web.mediportal.com.cn/open-api"
→ Centralize the API base URL in a shared config module or environment variable. This is a code quality issue rather than a security issue, but it increases the attack surface.
scripts/collect_bp_month_evidence.py:28:28
Low
Unpinned requests dependency
scripts/collect_bp_month_evidence.py imports requests library without version pinning. No requirements.txt, pyproject.toml, or Pipfile exists in the repository.
import requests
→ Add a requirements.txt or pyproject.toml with pinned versions: requests>=2.31.0
scripts/collect_bp_month_evidence.py:16:16
Low
Hardcoded absolute paths in render scripts
render_chenshuting_march_scheme_reports.py and render_fuzhongming_january_scheme_v2.py contain hardcoded absolute paths like '/Users/hou/Documents/UGit/BP- writer/report-runs/...'. These are developer-specific and would cause failures in other environments.
run_dir = Path("/Users/hou/Documents/UGit/BP- writer/report-runs/2026年度计划BP_陈舒婷/2026-03")
→ Replace hardcoded paths with CLI arguments or environment-based configuration
scripts/render_chenshuting_march_scheme_reports.py:209:209
Resource Declared Inferred Status Evidence
Network NONE READ ✗ Violation scripts/collect_bp_month_evidence.py:31 — requests.post() to internal BP API; sc…
Shell NONE WRITE ✗ Violation scripts/build_dual_report_artifacts.py:94 — subprocess.check_output(['ruby', '-e…
Filesystem NONE WRITE ✗ Violation scripts/build_dual_report_artifacts.py — write_text(), Path.write_text(), shutil…
Environment NONE NONE No os.environ iteration or credential access found
1 finding
Medium External URL
https://sg-al-cwork-web.mediportal.com.cn/open-api
scripts/collect_bp_month_evidence.py:28

File Tree

19 files · 213.8 KB · 5623 lines
Markdown 13f · 3015L Python 6f · 2608L
├─ 📁 assets
│ ├─ 📝 P001-T001-MONTH-TPL-01_月报模板_v1.md Markdown 124L · 3.0 KB
│ └─ 📝 人力资源中心_月报填写规范_组织示例_v1.md Markdown 187L · 4.9 KB
├─ 📁 references
│ ├─ 📝 artifact-layout.md Markdown 170L · 3.9 KB
│ ├─ 📝 bp-system.md Markdown 245L · 7.1 KB
│ ├─ 📝 business-description.zh-CN.md Markdown 473L · 14.2 KB
│ ├─ 📝 design-solution.zh-CN.md Markdown 810L · 20.5 KB
│ ├─ 📝 fill-patterns.md Markdown 148L · 9.9 KB
│ ├─ 📝 rolling-baseline.md Markdown 53L · 1.3 KB
│ ├─ 📝 section-order.md Markdown 83L · 2.1 KB
│ ├─ 📝 source-schema.md Markdown 154L · 3.6 KB
│ ├─ 📝 traffic-lights.md Markdown 145L · 5.8 KB
│ └─ 📝 workflow.md Markdown 234L · 7.2 KB
├─ 📁 scripts
│ ├─ 🐍 build_dual_report_artifacts.py Python 532L · 20.8 KB
│ ├─ 🐍 collect_bp_month_evidence.py Python 528L · 20.2 KB
│ ├─ 🐍 dump_bp_anchor_map.py Python 119L · 3.6 KB
│ ├─ 🐍 generate_scheme_v2_monthly_reports.py Python 856L · 37.5 KB
│ ├─ 🐍 render_chenshuting_march_scheme_reports.py Python 213L · 15.3 KB
│ └─ 🐍 render_fuzhongming_january_scheme_v2.py Python 360L · 20.8 KB
└─ 📝 SKILL.md Markdown 189L · 12.0 KB

Dependencies 2 items

Package Version Source Known Vulns Notes
requests * pip No Version not pinned — imported without version constraint in collect_bp_month_evidence.py
subprocess stdlib python3 stdlib No Used in build_dual_report_artifacts.py for YAML parsing via Ruby

Security Positives

✓ No credential harvesting — app_key is passed as a CLI argument, not scraped from environment or files
✓ No data exfiltration — all network traffic stays within the organization's internal BP API domain
✓ No obfuscation techniques — no base64 encoding, eval(), or atob() patterns found
✓ No sensitive path access — scripts do not access ~/.ssh, ~/.aws, .env, or similar credential paths
✓ No external IP connections — all network targets resolve to the same internal company domain
✓ No reverse shell, C2, or remote code execution backdoors
✓ No hidden instructions in HTML comments or documentation
✓ No curl|bash or wget|sh remote script execution patterns
✓ Report rendering scripts only perform text substitution and file writes within controlled directories