Skill Trust Decision
instreet-gomoku
Skill contains hardcoded API credentials and undeclared shell/network access with shadow functionality not reflected in documentation.
Most direct threat evidence
High Credential Theft
Hardcoded API credential in source code API key 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' is hardcoded as a plaintext string in instreet_gomoku.py:12 and gomoku_bot.py:14. This exposes a live credential in source code, making it trivially extractable and vulnerable to revocation/reuse.
instreet_gomoku.py:12 Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 1 severe findings.
Review
Dependencies and supply chain hygiene
1 dependency or supply-chain issues need attention.
What drove the risk score up
Hardcoded API credential +15
API key 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' hardcoded in instreet_gomoku.py:12 and gomoku_bot.py:14 without secure storage
Undeclared shell execution +12
katagomo_simple.py:87 executes subprocess.Popen with external engine binary, not declared in SKILL.md
Undeclared network access +10
Makes outbound HTTPS requests to instreet.coze.site API but SKILL.md declares no network permissions
Hardcoded Windows path +5
KATAGOMO_DIR hardcoded to D:\Games\KataGomo in katagomo_simple.py:15
Most important evidence
High Credential Theft
Hardcoded API credential in source code
API key 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' is hardcoded as a plaintext string in instreet_gomoku.py:12 and gomoku_bot.py:14. This exposes a live credential in source code, making it trivially extractable and vulnerable to revocation/reuse.
instreet_gomoku.py:12 Use os.environ.get('INSTREET_API_KEY') exclusively; remove all hardcoded fallback keys. Never commit credentials to version control.
Medium Doc Mismatch
Undeclared subprocess shell execution
katagomo_simple.py:87-92 uses subprocess.Popen to execute the KataGomo game engine binary (gom15x_trt.exe) with GTP protocol commands. This shell execution is not mentioned anywhere in SKILL.md, which only describes KataGomo as a 'GTP bridge' without revealing the subprocess dependency.
katagomo_simple.py:87 Declare subprocess usage in SKILL.md capabilities section. Note that this requires a local KataGomo engine installation.
Medium Doc Mismatch
Undeclared outbound network requests
SKILL.md declares no network permissions, yet both instreet_gomoku.py and gomoku_bot.py make HTTPS requests to instreet.coze.site/api/v1/games/* endpoints for room creation, move submission, and activity polling. This is shadow network behavior.
gomoku_bot.py:32 Declare network:READ and network:WRITE permissions in SKILL.md with the specific domain allowlisted.
Medium Supply Chain
Hardcoded Windows-specific engine path
katagomo_simple.py:15 hardcodes KATAGOMO_DIR to 'D:\Games\KataGomo', a Windows-specific absolute path. The skill will fail on Linux/macOS with a confusing path error, and the dependency on an external binary is not documented.
katagomo_simple.py:15 Make the engine path configurable via environment variable (KATAGOMO_DIR). Document the external dependency clearly in SKILL.md.
Low Sensitive Access
API key exposed in SKILL.md notes section
SKILL.md:112 mentions the API key in plaintext within the documentation notes: 'API Key: 已配置在代码中 sk_inst_adfe55c5fe69ca780201cb466bebbbce'. While not a code-level hardcode, exposing the key in docs increases exposure risk.
SKILL.md:112 Remove the API key value from documentation entirely. Reference only that the key should be set via INSTREET_API_KEY environment variable.
Declared capability vs actual capability
Filesystem Pass
Declared NONE
→ Inferred NONE
No file write operations found; temp file ops are in subprocess working dir only Network Block
Declared NONE
→ Inferred READ
instreet_gomoku.py:13-14, gomoku_bot.py:32-33 make urllib requests to instreet.coze.site without declaration Shell Block
Declared NONE
→ Inferred WRITE
katagomo_simple.py:87 subprocess.Popen executes external binary; gomoku_bot.py has no shell but katagomo does Environment Pass
Declared NONE
→ Inferred READ
gomoku_bot.py:13 reads INSTREET_API_KEY from os.environ (falls back to hardcoded key) Skill Invoke Pass
Declared NONE
→ Inferred NONE
No skill_invoke usage Clipboard Pass
Declared NONE
→ Inferred NONE
No clipboard access Browser Pass
Declared NONE
→ Inferred NONE
No browser usage Database Pass
Declared NONE
→ Inferred NONE
No database access Suspicious artifacts and egress
High API Key
API_KEY = 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' instreet_gomoku.py:12
Medium External URL
https://instreet.coze.site/api/v1/games gomoku_bot.py:32
Medium External URL
https://instreet.coze.site/games/ gomoku_bot.py:359
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| numpy | unpinned | import | No | No requirements.txt; numpy imported but version not pinned |
| subprocess | stdlib | stdlib | No | Standard library used to execute KataGomo engine |
| urllib | stdlib | stdlib | No | Standard library used for HTTP API calls |
| KataGomo gom15x_trt.exe | unknown | external binary | No | External Windows binary referenced by hardcoded path; not included in package |
File composition
6 files · 1744 lines
Python 3 files · 1523 linesMarkdown 3 files · 221 lines
Files of concern · 4
instreet_gomoku.py Hardcoded API credential in source code · API_KEY = 'sk_inst_adfe55c5fe69ca780201cb466bebbbce'
gomoku_bot.py Undeclared outbound network requests · https://instreet.coze.site/api/v1/games · https://instreet.coze.site/games/
katagomo_simple.py Undeclared subprocess shell execution · Hardcoded Windows-specific engine path
SKILL.md API key exposed in SKILL.md notes section
Other files · README.md · publish-info.md
Security positives
No obfuscation detected (no base64, eval, or anti-analysis techniques)
No credential exfiltration or data theft behavior observed
Network requests target a legitimate game API (instreet.coze.site) and are functionally necessary
No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
No persistence mechanisms (no cron, startup hooks, or backdoors)
Subprocess usage is for a legitimate game engine (KataGomo GTP), not malicious command execution