中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
cloudbase
CloudBase is a full-stack development and deployment toolkit for building and launching websites, Web apps, WeChat Mini Programs, and mobile apps with backend, database, hosting, cloud functions, AI capabilities, Agent, and UI guidance.
CloudBase skill is a legitimate documentation package for Tencent CloudBase platform with no malicious behavior found. All code snippets are documentation examples, all URLs point to official/legitimate services, and no security violations detected.
技能名称cloudbase
分析耗时67.4s
引擎pi
可以安装
This skill is safe to use. No additional security controls needed.

安全发现 2 项

严重性 安全发现 位置
提示
HTML Comment Markers in Deployment Docs 文档欺骗
Found '<!-- INSTRUCTION (AI MUST EXECUTE) -->' markers in agent-deployment.md. These are legitimate documentation markers instructing AI agents on deployment steps, not hidden malicious instructions.
<!-- INSTRUCTION (AI MUST EXECUTE EVERY STEP IN ORDER) -->
→ No action needed - these are documented AI routing markers
 references/cloudbase-agent/py/agent-deployment.md:26
提示
Environment Variable References in Documentation 敏感访问
Code examples reference os.environ.get() and process.env for configuration. These are legitimate usage patterns documented for developers setting up CloudBase services.
port = int(os.environ.get("SCF_RUNTIME_PORT", "9000"))
→ No action needed - standard configuration pattern
 references/cloudbase-agent/py/skill.md:109
资源类型声明权限推断权限状态证据
文件系统 NONE NONE Documentation-only; no filesystem operations in skill
网络访问 NONE NONE Skill documents API usage; no network operations performed by skill itself
命令执行 NONE NONE subprocess mentioned only in deployment documentation examples
环境变量 NONE NONE os.environ.get() documented for configuration purposes only
技能调用 NONE NONE Skill references other CloudBase skills for routing
剪贴板 NONE NONE No clipboard operations found
浏览器 NONE NONE No browser automation found
数据库 NONE NONE Skill documents CloudBase DB usage; no direct database operations
31 项发现
🔗
中危 外部 URL 外部 URL
https://static.cloudbase.net/cloudbase-js-sdk/latest/cloudbase.full.js
SKILL.md:67
🔗
中危 外部 URL 外部 URL
https://cloud.tencent.com/document/product/876/75213
SKILL.md:158
🔗
中危 外部 URL 外部 URL
https://tcb.cloud.tencent.com/dev?envId=$
SKILL.md:242
🔗
中危 外部 URL 外部 URL
https://open.weixin.qq.com/cgi-bin/readtemplate?t=regist/regist_tmpl
references/auth-tool/SKILL.md:273
🔗
中危 外部 URL 外部 URL
https://console.cloud.google.com/apis/credentials
references/auth-tool/SKILL.md:309
🔗
中危 外部 URL 外部 URL
https://accounts.google.com/o/oauth2/v2/auth
references/auth-tool/SKILL.md:328
🔗
中危 外部 URL 外部 URL
https://qcloudimg.tencent-cloud.cn/raw/f9131c00dcbcbccd5899a449d68da3ba.png
references/auth-tool/SKILL.md:337
🔗
中危 外部 URL 外部 URL
https://tcb.cloud.tencent.com/dev?envId=
references/auth-tool/SKILL.md:395
🔗
中危 外部 URL 外部 URL
https://your-app.com
references/cloud-storage-web/SKILL.md:154
🔗
中危 外部 URL 外部 URL
https://api.coze.com
references/cloudbase-agent/py/adapter-coze.md:49
🔗
中危 外部 URL 外部 URL
https://[email protected]/xxx
references/cloudbase-agent/py/references/observability.md:233
🔗
中危 外部 URL 外部 URL
http://apm-server:8200
references/cloudbase-agent/py/references/observability.md:301
🔗
中危 外部 URL 外部 URL
http://grafana:3000/api/dashboards/import
references/cloudbase-agent/py/references/observability.md:328
🔗
中危 外部 URL 外部 URL
https://api.example.com/data
references/cloudbase-agent/py/references/tools.md:55
🔗
中危 外部 URL 外部 URL
https://api.example.com/search?q=
references/cloudbase-agent/py/references/tools.md:87
🔗
中危 外部 URL 外部 URL
https://your-frontend.com
references/cloudbase-agent/py/server-quickstart.md:430
🔗
中危 外部 URL 外部 URL
https://docs.ag-ui.com/concepts/events
references/cloudbase-agent/ts/adapter-development.md:51
🔗
中危 外部 URL 外部 URL
https://cloud.langfuse.com/api/public/otlp/v1/traces
references/cloudbase-agent/ts/server-quickstart.md:128
🔗
中危 外部 URL 外部 URL
https://docs.ag-ui.com
references/cloudbase-agent/ts/ui-clients.md:27
🔗
中危 外部 URL 外部 URL
https://console.cloud.tencent.com/tcb/hosting
references/cloudbase-platform/SKILL.md:251
🔗
中危 外部 URL 外部 URL
https://tcb.cloud.tencent.com/dev?#/identity/token-management
references/http-api/SKILL.md:145
🔗
中危 外部 URL 外部 URL
https://cloud1-abc.api.tcloudbasegateway.com
references/http-api/SKILL.md:174
🔗
中危 外部 URL 外部 URL
https://cloud1-abc.api.intl.tcloudbasegateway.com
references/http-api/SKILL.md:188
🔗
中危 外部 URL 外部 URL
https://your-env-id.api.tcloudbasegateway.com/v1/functions/YOUR_FUNCTION_NAME
references/http-api/SKILL.md:214
🔗
中危 外部 URL 外部 URL
https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?select=name
references/http-api/SKILL.md:265
🔗
中危 外部 URL 外部 URL
https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course
references/http-api/SKILL.md:287
🔗
中危 外部 URL 外部 URL
https://your-env.api.tcloudbasegateway.com/v1/rdb/rest/course?id=eq.1
references/http-api/SKILL.md:306
🔗
中危 外部 URL 外部 URL
https://tcb.cloud.tencent.com/dev
references/no-sql-web-sdk/security-rules.md:45
🔗
中危 外部 URL 外部 URL
https://tcb.cloud.tencent.com/dev#/db/doc/model
references/no-sql-web-sdk/security-rules.md:69
🔗
中危 外部 URL 外部 URL
https://cloud.tencent.com/document/product/876/123478
references/no-sql-web-sdk/security-rules.md:890
📧
提示 邮箱 邮箱地址
[email protected]
references/cloudbase-agent/py/references/observability.md:233

目录结构

68 文件 · 513.5 KB · 17057 行
Markdown 68f · 17057L
├─ 📁 references
│ ├─ 📁 ai-model-nodejs
│ │ └─ 📝 SKILL.md Markdown 244L · 7.3 KB
│ ├─ 📁 ai-model-web
│ │ └─ 📝 SKILL.md Markdown 178L · 5.2 KB
│ ├─ 📁 ai-model-wechat
│ │ └─ 📝 SKILL.md Markdown 215L · 6.1 KB
│ ├─ 📁 auth-nodejs
│ │ └─ 📝 SKILL.md Markdown 439L · 16.0 KB
│ ├─ 📁 auth-tool
│ │ ├─ 📝 checklist.md Markdown 32L · 1.1 KB
│ │ └─ 📝 SKILL.md Markdown 395L · 10.7 KB
│ ├─ 📁 auth-web
│ │ └─ 📝 SKILL.md Markdown 338L · 10.0 KB
│ ├─ 📁 auth-wechat
│ │ └─ 📝 SKILL.md Markdown 470L · 13.0 KB
│ ├─ 📁 cloud-functions
│ │ ├─ 📁 references
│ │ │ ├─ 📝 event-functions.md Markdown 150L · 3.3 KB
│ │ │ ├─ 📝 http-functions.md Markdown 175L · 4.1 KB
│ │ │ └─ 📝 operations-and-config.md Markdown 166L · 4.4 KB
│ │ ├─ 📝 checklist.md Markdown 26L · 1.1 KB
│ │ ├─ 📝 references.md Markdown 46L · 1.3 KB
│ │ └─ 📝 SKILL.md Markdown 197L · 7.3 KB
│ ├─ 📁 cloud-storage-web
│ │ └─ 📝 SKILL.md Markdown 176L · 4.5 KB
│ ├─ 📁 cloudbase-agent
│ │ ├─ 📁 py
│ │ │ ├─ 📁 references
│ │ │ │ ├─ 📝 observability.md Markdown 415L · 8.6 KB
│ │ │ │ ├─ 📝 recipes.md Markdown 379L · 8.9 KB
│ │ │ │ ├─ 📝 server.md Markdown 146L · 4.7 KB
│ │ │ │ ├─ 📝 storage.md Markdown 312L · 6.7 KB
│ │ │ │ └─ 📝 tools.md Markdown 225L · 4.7 KB
│ │ │ ├─ 📝 adapter-coze.md Markdown 414L · 9.4 KB
│ │ │ ├─ 📝 adapter-development.md Markdown 571L · 16.8 KB
│ │ │ ├─ 📝 adapter-langgraph.md Markdown 611L · 14.3 KB
│ │ │ ├─ 📝 agent-deployment.md Markdown 434L · 14.0 KB
│ │ │ ├─ 📝 authentication.md Markdown 494L · 14.3 KB
│ │ │ ├─ 📝 server-quickstart.md Markdown 457L · 11.1 KB
│ │ │ └─ 📝 skill.md Markdown 245L · 11.8 KB
│ │ ├─ 📁 ts
│ │ │ ├─ 📝 adapter-development.md Markdown 51L · 1.9 KB
│ │ │ ├─ 📝 adapter-langchain.md Markdown 94L · 2.6 KB
│ │ │ ├─ 📝 adapter-langgraph.md Markdown 157L · 5.3 KB
│ │ │ ├─ 📝 agent-deployment.md Markdown 140L · 5.0 KB
│ │ │ ├─ 📝 agui-protocol.md Markdown 93L · 2.3 KB
│ │ │ ├─ 📝 server-quickstart.md Markdown 149L · 3.6 KB
│ │ │ ├─ 📝 skill.md Markdown 86L · 3.7 KB
│ │ │ ├─ 📝 ui-clients.md Markdown 53L · 1.3 KB
│ │ │ └─ 📝 ui-miniprogram.md Markdown 156L · 4.1 KB
│ │ └─ 📝 SKILL.md Markdown 28L · 1.5 KB
│ ├─ 📁 cloudbase-platform
│ │ └─ 📝 SKILL.md Markdown 293L · 15.2 KB
│ ├─ 📁 cloudrun-development
│ │ └─ 📝 SKILL.md Markdown 168L · 6.2 KB
│ ├─ 📁 data-model-creation
│ │ └─ 📝 SKILL.md Markdown 176L · 5.5 KB
│ ├─ 📁 http-api
│ │ ├─ 📝 checklist.md Markdown 23L · 991 B
│ │ └─ 📝 SKILL.md Markdown 487L · 19.2 KB
│ ├─ 📁 miniprogram-development
│ │ ├─ 📁 references
│ │ │ └─ 📝 cloudbase-integration.md Markdown 145L · 5.4 KB
│ │ └─ 📝 SKILL.md Markdown 159L · 6.2 KB
│ ├─ 📁 no-sql-web-sdk
│ │ ├─ 📝 aggregation.md Markdown 384L · 8.5 KB
│ │ ├─ 📝 complex-queries.md Markdown 232L · 5.0 KB
│ │ ├─ 📝 crud-operations.md Markdown 558L · 13.6 KB
│ │ ├─ 📝 geolocation.md Markdown 441L · 11.6 KB
│ │ ├─ 📝 pagination.md Markdown 315L · 8.7 KB
│ │ ├─ 📝 realtime.md Markdown 135L · 3.8 KB
│ │ ├─ 📝 security-rules.md Markdown 894L · 31.8 KB
│ │ └─ 📝 SKILL.md Markdown 155L · 4.5 KB
│ ├─ 📁 no-sql-wx-mp-sdk
│ │ ├─ 📝 aggregation.md Markdown 384L · 8.5 KB
│ │ ├─ 📝 complex-queries.md Markdown 232L · 5.0 KB
│ │ ├─ 📝 crud-operations.md Markdown 523L · 11.8 KB
│ │ ├─ 📝 geolocation.md Markdown 441L · 11.6 KB
│ │ ├─ 📝 pagination.md Markdown 315L · 8.7 KB
│ │ ├─ 📝 security-rules.md Markdown 63L · 1.8 KB
│ │ └─ 📝 SKILL.md Markdown 130L · 4.3 KB
│ ├─ 📁 relational-database-tool
│ │ └─ 📝 SKILL.md Markdown 193L · 7.8 KB
│ ├─ 📁 relational-database-web
│ │ └─ 📝 SKILL.md Markdown 133L · 3.6 KB
│ ├─ 📁 spec-workflow
│ │ └─ 📝 SKILL.md Markdown 155L · 4.7 KB
│ ├─ 📁 ui-design
│ │ ├─ 📝 checklist.md Markdown 23L · 838 B
│ │ └─ 📝 SKILL.md Markdown 322L · 14.3 KB
│ └─ 📁 web-development
│ ├─ 📝 browser-testing.md Markdown 31L · 1.1 KB
│ ├─ 📝 frameworks.md Markdown 26L · 1.4 KB
│ └─ 📝 SKILL.md Markdown 131L · 5.7 KB
└─ 📝 SKILL.md Markdown 433L · 24.7 KB

安全亮点

✓ Documentation-only skill with no executable code files
✓ All code snippets are example patterns with placeholder values
✓ No credential harvesting, data exfiltration, or C2 communication
✓ All external URLs point to official Tencent CloudBase and legitimate third-party services (OpenAI, Coze, Sentry)
✓ No obfuscation, base64 execution, or anti-analysis techniques
✓ Standard JWT parsing (atob for base64 decode of JWT payload) is legitimate
✓ HTML comments are documented AI instruction markers, not hidden malicious code
✓ Pre-scan flagged no scripts, no .env files, no sensitive file access