中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 25/100
上次扫描:1 天前 重新扫描
25 /100
browser-automation
浏览器自动化操作与网页交互技能。用于自动填写表单、抓取网页数据、执行网页测试、模拟用户操作、批量处理网页任务。
A legitimate browser automation skill with one hardcoded billing API key, no hidden functionality, and documented capabilities matching implementation.
技能名称browser-automation
分析耗时44.1s
引擎pi
可以安装
Hardcode the BILLING_API_KEY is a supply-chain risk - it should be loaded from an environment variable. No other significant security concerns.

安全发现 3 项

严重性 安全发现 位置
高危
Hardcoded billing API key in source code 凭证窃取
BILLING_API_KEY is hardcoded as a string literal in payment.py:12. Source code containing skill packages is often shared or published, which would expose this credential. The key should be loaded from an environment variable instead.
BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
→ Replace hardcoded value with: BILLING_API_KEY = os.environ.get('SKILLPAY_API_KEY') and update _meta.json payment.api_key_env accordingly
 payment.py:12
中危
All dependencies use unpinned >= version specifiers 供应链
requirements.txt specifies all packages with >= without upper bounds (e.g., playwright>=1.40.0, requests>=2.31.0). This allows installation of any future version, including ones with known vulnerabilities.
playwright>=1.40.0
→ Pin exact versions (playwright==1.40.0) or narrow ranges to prevent supply-chain attacks via dependency confusion or typosquatting
 requirements.txt:1
低危
Anti-detection techniques documented in reference files 文档欺骗
references/anti-detection.md and anti-detection-guide.md contain extensive instructions on bypassing bot detection (Canvas fingerprint noise injection, navigator.webdriver override, proxy rotation). These are educational documentation but could enable unauthorized scraping.
context.getImageData = function(x, y, w, h) { const data = originalGetImageData.call(this, x, y, w, h); for (let i = 0; i < data.data.length; i += 4) { data.data[i] += Math.random() > 0.5 ? 1 : 0; } return data; };
→ This is a gray area - anti-detection is commonly used for legitimate testing. Consider adding a disclaimer that techniques should only be used on sites you have authorization to test.
 references/anti-detection.md:130
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 scripts/web_scraper.py reads/writes JSON/CSV data files
网络访问 READ READ ✓ 一致 All scripts use requests/playwright to fetch external URLs
命令执行 NONE NONE No subprocess or os.system calls found
浏览器 WRITE WRITE ✓ 一致 Playwright automation in all scripts
环境变量 NONE READ ✓ 一致 payment.py:95 reads SKILLPAY_USER_ID from os.environ
技能调用 NONE NONE No inter-skill invocation
剪贴板 NONE NONE No clipboard access
数据库 NONE NONE No direct database access
2 高危 8 项发现
🔑
高危 API 密钥 疑似硬编码凭证
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
payment.py:12
📡
高危 IP 地址 硬编码 IP 地址
120.0.0.0
references/anti-detection-guide.md:49
🔗
中危 外部 URL 外部 URL
https://search.jd.com/Search?keyword=iPhone
SKILL.md:100
🔗
中危 外部 URL 外部 URL
https://skillpay.me
payment.py:11
🔗
中危 外部 URL 外部 URL
https://target-site.com
references/anti-detection-guide.md:177
🔗
中危 外部 URL 外部 URL
http://2captcha.com/in.php
references/automation-patterns.md:416
🔗
中危 外部 URL 外部 URL
http://2captcha.com/res.php?key=
references/automation-patterns.md:427
🔗
中危 外部 URL 外部 URL
https://hooks.slack.com/...
scripts/page_monitor.py:13

目录结构

14 文件 · 82.9 KB · 3051 行
Markdown 6f · 1781L Python 6f · 1230L Text 1f · 21L JSON 1f · 19L
├─ 📁 references
│ ├─ 📝 anti-detection-guide.md Markdown 297L · 6.5 KB
│ ├─ 📝 anti-detection.md Markdown 291L · 6.9 KB
│ ├─ 📝 automation-patterns.md Markdown 476L · 11.8 KB
│ ├─ 📝 browser-tools-reference.md Markdown 272L · 5.8 KB
│ └─ 📝 playwright-guide.md Markdown 259L · 4.6 KB
├─ 📁 scripts
│ ├─ 🐍 auto_login.py Python 218L · 7.1 KB
│ ├─ 🐍 data_scraper.py Python 167L · 5.2 KB
│ ├─ 🐍 form_filler.py Python 252L · 8.4 KB
│ ├─ 🐍 page_monitor.py Python 228L · 8.1 KB
│ └─ 🐍 web_scraper.py Python 223L · 7.3 KB
├─ 📋 _meta.json JSON 19L · 439 B
├─ 🐍 payment.py Python 142L · 5.2 KB
├─ 📄 requirements.txt Text 21L · 268 B
└─ 📝 SKILL.md Markdown 186L · 5.2 KB

依赖分析 5 项

包名版本来源已知漏洞备注
playwright >=1.40.0 pip Version not pinned
selenium >=4.15.0 pip Version not pinned
requests >=2.31.0 pip Version not pinned
beautifulsoup4 >=4.12.0 pip Version not pinned
pandas >=2.0.0 pip Version not pinned

安全亮点

✓ No subprocess, os.system, or shell execution calls - no arbitrary code execution risk
✓ No base64 encoding or obfuscation of any kind
✓ No hidden functionality - all scripts match SKILL.md documentation
✓ SKILL.md accurately declares the skill as a browser automation tool with no overstated capabilities
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, ~/.git-credentials)
✓ No data exfiltration or C2 communication beyond declared billing endpoints
✓ No credential harvesting beyond the skill's own declared billing API key
✓ No persistence mechanisms (no cron jobs, startup scripts, or backdoor installation)
✓ Payment system properly declared in _meta.json with pricing details