Security Decision Report

gangtise-kb

Skill contains multiple critical security issues: disabled SSL verification enabling MITM attacks, undeclared subprocess execution, and references to a non-existent binary file.

Install decision first · Source: manual upload · Scan time: 2026/4/5
Files 7
IOC 1
Overreach items 2
Findings 6
Most direct threat evidence
Critical · Code execution
Undeclared subprocess execution with missing binary

gangtise_kb_skill.py uses subprocess.run() to execute gangtise-kb/gangtise-kb.py, which does not exist in the file tree. This creates a security blind spot where arbitrary code could be injected.

gangtise_kb_skill.py:41

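Why this conclusion was reached

2/4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or overreaching behaviors beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 1 general-risk artifact; it needs to be judged in context.

Block
Attack chain and high-severity findings

The report contains a 4-step attack chain, plus 4 high or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information is available, so the supply-chain assessment should remain tentative.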

Attack chain

01
User installs skill following SKILL.md documentation

Initial entry · SKILL.md:1

02
Disabled SSL verification allows MITM interception of credentials

network · scripts/get_token.py:51

03
subprocess execution of non-existent binary

Privilege escalation · gangtise_kb_skill.py:41

04
Potential credential theft through MITM attack

Final impact · scripts/get_token.py:51

How the risk score was raised

Disabled SSL certificate verification +35

All network scripts use ssl.CERT_NONE allowing MITM attacks on credential transmission

Undeclared subprocess execution +20

gangtise_kb_skill.py uses subprocess to call gangtise-kb/gangtise-kb.py, not mentioned in SKILL.md

Missing binary file +10

Code references gangtise-kb/gangtise-kb.py which does not exist in the file tree

Real credentials in config.json +7

Production API keys present in config.json file

Key evidence

Critical · Code execution

Undeclared subprocess execution with missing binary

gangtise_kb_skill.py uses subprocess.run() to execute gangtise-kb/gangtise-kb.py, which does not exist in the file tree. This creates a security blind spot where arbitrary code could be injected.

gangtise_kb_skill.py:41
Document subprocess usage in SKILL.md or remove this wrapper entirely if the binary is not part of the skill package
Critical · Data exfiltration

SSL certificate verification disabled on all API calls

All scripts disable SSL verification using ssl.CERT_NONE or _create_unverified_context(). This allows Man-in-the-Middle attacks to intercept credentials and API responses.

get_token.py:51
Use default SSL context with proper certificate verification, or pin certificates if required
Critical · Data exfiltration

SSL verification disabled in query script

query_kb.py also disables SSL verification at lines 69-71, creating the same MITM vulnerability.

scripts/query_kb.py:69
Remove SSL verification bypass
High · Data exfiltration

SSL verification disabled in temp_query.py

temp_query.py uses ssl._create_unverified_context() for all HTTPS requests.

scripts/temp_query.py:15
Remove SSL verification bypass
Medium · Documentation deception

SKILL.md does not declare shell execution capability

The main skill file gangtise_kb_skill.py uses subprocess to execute external binaries, but SKILL.md only documents Bash scripts for configuration. No mention of Python subprocess usage.

gangtise_kb_skill.py:41
Document all execution methods in SKILL.md capabilities section
Medium · Privilege escalation

Temporary file creation with cleanup race condition

gangtise_kb_skill.py creates temporary files in /tmp and relies on os.unlink() for cleanup. This could expose sensitive data if deletion fails or during crash scenarios.

gangtise_kb_skill.py:45
Use delete=True or handle file cleanup more securely

Declared capabilities vs. actual capabilities

File system · Block
Declared NONE
Inferred WRITE
gangtise_kb_skill.py:45 writes temp files
Network access · Pass
Declared READ
Inferred READ
API calls to open.gangtise.com in all scripts
Command execution · Block
Declared NONE
Inferred WRITE
gangtise_kb_skill.py:41-55 uses subprocess.run()

Suspicious artifacts and outbound connections

Medium · External URL
https://open.gangtise.com

SKILL.md:18

Dependencies and supply chain

No structured dependency alerts.

File composition

7 files · 781 lines
Python 5 files · 576 lines
Markdown 1 file · 201 lines
JSON 1 file · 4 lines
Files needing attention · 6
scripts/get_token.py Python · 98 lines
config.json JSON · 4 lines
scripts/query_kb.py Python · 195 lines
SSL verification disabled in query script
SKILL.md Markdown · 201 lines
https://open.gangtise.com
scripts/temp_query.py Python · 101 lines
SSL verification disabled in temp_query.py
gangtise_kb_skill.py Python · 87 lines
Undeclared subprocess execution with missing binary · SKILL.md does not declare shell execution capability · Temporary file creation with cleanup race condition
Other files · configure.py

Security highlights

Credentials stored with restrictive permissions (0o600) by configure.py
Proper input validation and error handling in authentication flow
Clear documentation of API endpoints in SKILL.md
Credentials are not hardcoded in scripts, loaded from config.json