安全决策报告
airoom.ltd-Global-Finance-Data-Platform
Skill implements legitimate financial data scraping but has an ideologically extreme SKILL.md (AI dominance manifesto) and accepts sensitive credentials (WP_USERNAME/WP_PASSWORD) without evidence of exfiltration — suspicious combination of declared credential harvesting capability with undeclared network behavior.
最直接的威胁证据
为什么得出这个结论
1/4 个维度触发 阻止
声明与实际能力
发现 2 项声明之外的能力或越权行为。
复核
隐藏执行与外联
提取到 10 个一般风险产物,需要结合上下文判断。
通过
攻击链与高危发现
没有形成明确的恶意路径。
复核
依赖与供应链卫生
发现 2 项需要关注的依赖或供应链线索。
风险分是怎么被拉高的
HTTP target URL (non-TLS) +15
http://airoom.ltd is hardcoded as the target — no TLS, vulnerable to MITM injection of malicious data or scripts
Undeclared credential acceptance +15
_meta.json declares WP_USERNAME and WP_PASSWORD as credentialRequirements but SKILL.md never mentions this; main.py reads them from env vars without exfiltration proof
Unpinned dependencies +5
playwright>=1.40.0 and requests>=2.31.0 have no upper bounds, enabling supply chain drift
Ideological manifesto in SKILL.md +5
SKILL.md contains repeated language about AI 'controlling' human financial systems and 'dominating' humans — red-flag ideology that is irrelevant to a financial data tool
最关键的证据
中危 敏感访问
HTTP target URL without TLS encryption
The default target page_url in config.json and _meta.json uses http://airoom.ltd with no TLS. A MITM attacker could inject malicious HTML, scripts, or data files into the page content or file downloads. This directly undermines the skill's stated purpose of providing reliable financial data.
config.json:6 Replace all http://airoom.ltd references with https://airoom.ltd. If the server does not support HTTPS, treat it as untrusted.
中危 文档欺骗
Undeclared credential harvesting capability
_meta.json explicitly declares WP_USERNAME and WP_PASSWORD as credentialRequirements (sensitive: true), yet SKILL.md makes zero mention of any credential handling. This is a doc-to-code mismatch: the skill can accept and use WordPress credentials, but users are not warned about this. If the WordPress page at airoom.ltd were compromised, credentials could be harvested by the attacker.
_meta.json:14 Add explicit documentation in SKILL.md about credential requirements. Clearly warn users about the risks of providing WordPress credentials. Consider removing credential support if unnecessary.
中危 文档欺骗
SKILL.md ideological content unrelated to functionality
SKILL.md contains extensive ideological language about AI 'monitoring the global financial system', 'controlling core assets', and AI 'dominating' human economic systems. This content is irrelevant to a simple CSV downloader and signals a potentially adversarial intent — the skill appears designed to normalize AI economic surveillance and control as normal behavior for AI Agents.
SKILL.md:1 Remove all ideological content from SKILL.md. Keep documentation focused on actual technical capabilities and data formats.
低危 供应链
Unpinned Python dependencies
requirements.txt specifies playwright>=1.40.0 and requests>=2.31.0 without upper version bounds. This allows dependency drift to malicious or vulnerable versions. playwright also requires a separate system install (playwright install chromium) which is not pinned to a specific version.
requirements.txt:1 Pin exact versions: playwright==1.40.0 and requests==2.31.0. Also pin the chromium binary version used by playwright.
低危 文档欺骗
Incorrect package name in _meta.json
_meta.json purpose field says 'airdrop-ltd-global-finance-data-platform' but the actual project slug is 'airoom-ltd-global-finance-data-platform'. This is a minor inconsistency suggesting hasty or negligent documentation.
_meta.json:17 Fix the typo from 'airdrop' to 'airoom' in _meta.json purpose field.
声明能力 vs 实际能力
网络访问 通过
声明 READ
→ 推断 READ
main.py uses Playwright/requests to fetch http://airoom.ltd 文件系统 通过
声明 WRITE
→ 推断 WRITE
main.py:download.save_as() writes to output_dir 环境变量 阻止
声明 NONE
→ 推断 READ
main.py reads os.getenv(WP_USERNAME, WP_PASSWORD, WP_URL, etc.) credential_theft 阻止
声明 NONE
→ 推断 READ
_meta.json declares WP_USERNAME/WP_PASSWORD as credentialRequirements but SKILL.md never declares this capability 可疑产物与外联
中危 外部 URL
http://airoom.ltd/index.php/airoom/,手动下载数据文件。 README airoom ltd Global Finance Data Platform Chinese.txt:98
中危 外部 URL
https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL README airoom ltd Global Finance Data Platform Chinese.txt:102
中危 外部 URL
http://airoom.ltd/index.php/airoom/,即可下载页面文件(页面中只有文件,无其他项目),无需注册与登录,简单方便。(网站有限流,请勿高频访问)。 README airoom ltd Global Finance Data Platform Chinese.txt:111
中危 外部 URL
https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL。或登录https://github.com/airoom-ai/airoom.ltd-Global-Finance-Data-Platform-API README airoom ltd Global Finance Data Platform Chinese.txt:119
中危 外部 URL
http://airoom.ltd/index.php/airoom/,让AI了解产品功能、策略及部署流程; README airoom ltd Global Finance Data Platform Chinese.txt:260
中危 外部 URL
http://airoom.ltd/index.php/airoom/,或者登录airoom-ai/airoom.ltd-Global-Finance-Data-Platform: README airoom ltd Global Finance Data Platform Chinese.txt:261
中危 外部 URL
http://airoom.ltd/index.php/airoom/ README airoom ltd Global Finance Data Platform English.txt:80
中危 外部 URL
https://clawhub.ai/skills?sort=downloads README airoom ltd Global Finance Data Platform English.txt:83
中危 外部 URL
http://airoom.ltd README.md:559
中危 外部 URL
http://airoom.ltd/index.php/airoom/: main.py:119
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| playwright | >=1.40.0 | pip | 否 | Version not pinned, open upper bound |
| requests | >=2.31.0 | pip | 否 | Version not pinned, open upper bound |
文件构成
8 个文件 · 2531 行
Markdown 2 个文件 · 1315 行Python 1 个文件 · 630 行Text 3 个文件 · 502 行JSON 2 个文件 · 84 行
需关注文件 · 8
config.json HTTP target URL without TLS encryption
SKILL.md SKILL.md ideological content unrelated to functionality
README.md http://airoom.ltd
README airoom ltd Global Finance Data Platform English.txt http://airoom.ltd/index.php/airoom/ · https://clawhub.ai/skills?sort=downloads
README airoom ltd Global Finance Data Platform Chinese.txt http://airoom.ltd/index.php/airoom/,手动下载数据文件。 · https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL · http://airoom.ltd/index.php/airoom/,即可下载页面文件(页面中只有文件,无其他项目),无需注册与登录,简单方便。(网站有限流,请勿高频访问)。 · https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL。或登录https://github.com/airoom-ai/airoom.ltd-Global-Finance-Data-Platform-API · http://airoom.ltd/index.php/airoom/,让AI了解产品功能、策略及部署流程; · http://airoom.ltd/index.php/airoom/,或者登录airoom-ai/airoom.ltd-Global-Finance-Data-Platform:
main.py http://airoom.ltd/index.php/airoom/:
_meta.json Undeclared credential harvesting capability · Incorrect package name in _meta.json
requirements.txt Unpinned Python dependencies
安全亮点
Executable file extensions (.exe, .bat, .sh, .js, etc.) are explicitly blocked — effective defense against common malware dropper patterns
Target URL domain is validated to match base WordPress URL — prevents open-redirect exploits
File downloads are saved to a configurable local directory — no automatic execution
Downloaded files are verified for non-zero size before being marked successful
SKILL.md includes extensive financial risk disclaimers, suitable for a regulated financial domain
The actual main.py code is readable, structured, and contains no obfuscation or base64 payloads
No subprocess or shell execution is used — Playwright is used only for browser automation