Skill Trust Decision
psychology-analysis
技能存在多个阴影功能:未声明的静默手机登录、自动创建本地用户、凭证明文存储至SQLite数据库,且filesystem和network的WRITE权限未在文档中声明
Most direct threat evidence
High Doc Mismatch
静默phoneLogin调用 RequestUtil.http_request()在缺少TOKEN时自动调用内部接口/sys/phoneLogin进行静默注册/登录,完全未在SKILL.md中声明
skills/smyx_common/scripts/util.py:180 Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
3 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
10 lower-risk artifacts were extracted and still need context.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 2 severe findings.
Pass
Dependencies and supply chain hygiene
Dependencies are present but no obvious high-risk issue stands out.
What drove the risk score up
静默phoneLogin调用 +20
RequestUtil._get_or_create_user()自动调用/sys/phoneLogin,SKILL.md未声明
本地SQLite凭证存储 +15
UserDao将token/open_token明文存储在smyx-common-claw.db
自动创建默认用户 +10
OpenIdUtil.get_or_create_default_open_id()生成User_xxx并写入数据库
filesystem:WRITE越权 +10
写入数据库和输出文件,但SKILL.md声明为NONE
network:WRITE越权 +10
POST上传视频文件,但SKILL.md仅声明READ
Most important evidence
High Doc Mismatch
静默phoneLogin调用
RequestUtil.http_request()在缺少TOKEN时自动调用内部接口/sys/phoneLogin进行静默注册/登录,完全未在SKILL.md中声明
skills/smyx_common/scripts/util.py:180 在SKILL.md前置准备章节声明此自动身份初始化行为
High Credential Theft
本地SQLite数据库明文存储凭证
UserDao将用户token、open_token以明文形式存储在workspace/data/smyx-common-claw.db中,包含敏感认证信息
skills/smyx_common/scripts/dao.py:47 评估是否必须本地存储凭证,或使用系统密钥链
Medium Doc Mismatch
自动创建默认用户
OpenIdUtil.get_or_create_default_open_id()在用户未提供open_id时自动生成User_xxxxxx并写入本地数据库,SKILL.md未声明
skills/smyx_common/scripts/util.py:93 在文档中说明默认用户生成逻辑
Medium Sensitive Access
读取smyx-api-key.txt内部身份文件
OpenIdUtil从data/smyx-api-key.txt读取内部身份值,这是内部实现细节不应被技能直接访问
skills/smyx_common/scripts/util.py:81 通过标准环境变量或配置传递身份,避免直接读取内部文件
Low Priv Escalation
数据库表结构自动升级
_alter_tables()方法在启动时自动ALTER TABLE添加缺失字段,具有隐式数据库写权限
skills/smyx_common/scripts/dao.py:74 这是合法的数据库迁移行为,但应声明
Declared capability vs actual capability
Filesystem Block
Declared READ
→ Inferred WRITE
dao.py:47 创建sqlite数据库写入 Network Block
Declared READ
→ Inferred WRITE
util.py:199 requests.post上传视频文件 Database Block
Declared NONE
→ Inferred WRITE
dao.py:47-92 完整CRUD操作 Suspicious artifacts and egress
Medium External URL
https://lifeemergence.com/sample.html SKILL.md:37
Medium External URL
http://192.168.1.234:9601/smyx-open-api skills/smyx_common/scripts/config-dev.yaml:2
Medium External URL
http://192.168.1.234:4100 skills/smyx_common/scripts/config-dev.yaml:3
Medium External URL
http://192.168.1.234:7070/jeecg-boot-xzgz skills/smyx_common/scripts/config-dev.yaml:4
Medium External URL
https://livemonitortest.lifeemergence.com/smyx-open-api skills/smyx_common/scripts/config-test.yaml:2
Medium External URL
http://livemonitortest.lifeemergence.com skills/smyx_common/scripts/config-test.yaml:3
Medium External URL
https://healthtest.lifeemergence.com/jeecg-boot-xzgz skills/smyx_common/scripts/config-test.yaml:4
Medium External URL
https://lifeemergence.com/jeecg-boot-xzgz skills/smyx_common/scripts/config.yaml:4
Medium External URL
https://open.lifeemergence.com/smyx-open-api skills/smyx_common/scripts/config.yaml:5
Medium External URL
http://livemonitor.lifeemergence.com skills/smyx_common/scripts/config.yaml:6
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| pydash | 8.0.6 | pip | No | 版本锁定 |
| SQLAlchemy | 2.0.46 | pip | No | 版本锁定 |
| PyYAML | 6.0.3 | pip | No | 版本锁定 |
File composition
29 files · 2506 lines
Python 18 files · 2248 linesMarkdown 3 files · 223 linesYAML 6 files · 29 linesText 2 files · 6 lines
Files of concern · 3
skills/smyx_common/scripts/util.py 静默phoneLogin调用 · 自动创建默认用户 · 读取smyx-api-key.txt内部身份文件
skills/smyx_common/scripts/dao.py 本地SQLite数据库明文存储凭证 · 数据库表结构自动升级
SKILL.md https://lifeemergence.com/sample.html
Other files · config.py · psychology_analysis.py · skill.py · smyx_analysis.py · api_service.py · skill.py +3
Security positives
依赖包版本全部锁定(pydash==8.0.6, SQLAlchemy==2.0.46, PyYAML==6.0.3)
无base64编码执行、无eval()调用、无subprocess裸命令执行
使用标准requests库进行HTTP通信,无可疑的curl|bash管道
视频文件处理有格式校验和大小限制(最大10MB)
API响应有success字段校验和错误处理