High Risk — Risk Score 72/100
Last scan: 16 hr ago
gangtise-kb
Query Gangtise knowledge base API for financial/market information
Skill contains multiple critical security issues: disabled SSL verification enabling MITM attacks, undeclared subprocess execution, and references to a non-existent binary file.
Skill Name: gangtise-kb
Duration: 40.2s
Engine: pi
Do not install this skill
Do not deploy. The disabled SSL verification must be removed, subprocess usage must be documented, and the missing binary must be verified.

Attack Chain 4 steps

Entry User installs skill following SKILL.md documentation
SKILL.md:1
Escalation Disabled SSL verification allows MITM interception of credentials
scripts/get_token.py:51
Escalation subprocess execution of non-existent binary
gangtise_kb_skill.py:41
Impact Potential credential theft through MITM attack
scripts/get_token.py:51

Findings 6 items

Severity Finding Location
Critical
Undeclared subprocess execution with missing binary RCE
gangtise_kb_skill.py uses subprocess.run() to execute gangtise-kb/gangtise-kb.py which does not exist in the file tree. This creates a security blind spot where arbitrary code could be injected.
cmd = [str(binary_path), "--input", temp_file]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
→ Document subprocess usage in SKILL.md or remove this wrapper entirely if the binary is not part of the skill package
gangtise_kb_skill.py:41
Critical
SSL certificate verification disabled on all API calls Data Exfil
All scripts disable SSL verification using ssl.CERT_NONE or _create_unverified_context(). This allows Man-in-the-Middle attacks to intercept credentials and API responses.
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
→ Use default SSL context with proper certificate verification, or pin certificates if required
get_token.py:51
Critical
SSL verification disabled in query script Data Exfil
query_kb.py also disables SSL verification at lines 69-71, creating the same MITM vulnerability.
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
→ Remove SSL verification bypass
scripts/query_kb.py:69
High
SSL verification disabled in temp_query.py Data Exfil
temp_query.py uses ssl._create_unverified_context() for all HTTPS requests.
context = ssl._create_unverified_context()
→ Remove SSL verification bypass
scripts/temp_query.py:15
Medium
SKILL.md does not declare shell execution capability Doc Mismatch
The main skill file gangtise_kb_skill.py uses subprocess to execute external binaries, but SKILL.md only documents Bash scripts for configuration. No mention of Python subprocess usage.
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
→ Document all execution methods in SKILL.md capabilities section
gangtise_kb_skill.py:41
Medium
Temporary file creation with cleanup race condition Priv Escalation
gangtise_kb_skill.py creates temporary files in /tmp and relies on os.unlink() for cleanup. This could expose sensitive data if deletion fails or during crash scenarios.
with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
→ Use delete=True or handle file cleanup more securely
gangtise_kb_skill.py:45
Resource Declared Inferred Status Evidence
Filesystem NONE WRITE ✗ Violation gangtise_kb_skill.py:45 writes temp files
Network READ READ ✓ Aligned API calls to open.gangtise.com in all scripts
Shell NONE WRITE ✗ Violation gangtise_kb_skill.py:41-55 uses subprocess.run()
1 finding
Medium External URL
https://open.gangtise.com
SKILL.md:18

File Tree

7 files · 24.2 KB · 781 lines
Python 5f · 576L Markdown 1f · 201L JSON 1f · 4L
├─ 📁 scripts
│ ├─ 🐍 configure.py Python 95L · 2.7 KB
│ ├─ 🔑 get_token.py Python 98L · 2.9 KB
│ ├─ 🐍 query_kb.py Python 195L · 6.2 KB
│ └─ 🐍 temp_query.py Python 101L · 4.4 KB
├─ 🔑 config.json JSON 4L · 133 B
├─ 🐍 gangtise_kb_skill.py Python 87L · 3.1 KB
└─ 📝 SKILL.md Markdown 201L · 4.9 KB

Security Positives

✓ Credentials stored with restrictive permissions (0o600) by configure.py
✓ Proper input validation and error handling in authentication flow
✓ Clear documentation of API endpoints in SKILL.md
✓ Credentials are not hardcoded in scripts, loaded from config.json