中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:16 hr ago Rescan
20 /100
payment_skill_demo
AI 原生支付解决方案 - 提供安全、可靠的支付功能
A legitimate payment processing skill with standard async HTTP client patterns, proper input validation, and AES-GCM encryption. Minor documentation gaps exist but no malicious behavior detected.
Skill Namepayment_skill_demo
Duration78.5s
Enginepi
Safe to install
The skill is safe to use. Consider documenting the virtual environment setup behavior and subprocess usage in diagnose.py for complete transparency.

Findings 3 items

Severity Finding Location
Low
Undeclared subprocess usage in diagnostic tool Doc Mismatch
scripts/diagnose.py uses subprocess.run() to check pip version, but this behavior is not mentioned in SKILL.md
result = subprocess.run([sys.executable, '-m', 'pip', '--version'], capture_output=True, text=True)
→ Document diagnostic tooling that uses subprocess for environment checks
 scripts/diagnose.py:67
Info
Python 3.6 support deprecated Supply Chain
requirements-py36.txt supports Python 3.6 which reached end-of-life in December 2021
aiohttp==3.6.3
→ Update documentation to recommend Python 3.8+ and deprecate 3.6 support
 scripts/requirements-py36.txt:1
Info
API credentials read from environment Sensitive Access
PAYMENT_API_KEY and PAYMENT_API_SECRET are read from environment variables - this is standard practice but worth noting
api_key: os.getenv('PAYMENT_API_KEY')
→ This is legitimate credential handling - ensure the API does not exfiltrate these values
 src/config_loader.py:86
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned Creates logs/ and venv/ directories
Network READ READ ✓ Aligned Makes HTTP requests to payment API
Shell NONE WRITE ✓ Aligned scripts/setup.sh: pip install; diagnose.py: subprocess.run()
Environment READ READ ✓ Aligned Reads PAYMENT_API_KEY, PAYMENT_API_SECRET
Skill Invoke NONE NONE No skill invocation found
Clipboard NONE NONE Not used
Browser NONE NONE Not used
Database NONE NONE Not used
3 findings
🔗
Medium External URL 外部 URL
https://api.zlclaw.com,不需要设置
config/production.env:9
🔗
Medium External URL 外部 URL
https://api.zlclaw.com
config/production.env:20
📧
Info Email 邮箱地址
[email protected]
SKILL.md:220

File Tree

15 files · 65.5 KB · 2303 lines
Python 8f · 1807L Markdown 1f · 225L Shell 1f · 99L YAML 1f · 75L Text 2f · 47L Env 1f · 36L JSON 1f · 14L
├─ 📁 config
│ └─ 📄 production.env Env 36L · 1.1 KB
├─ 📁 scripts
│ ├─ 🐍 diagnose.py Python 264L · 7.3 KB
│ ├─ 📄 requirements-py36.txt Text 28L · 433 B
│ ├─ 📄 requirements.txt Text 19L · 337 B
│ └─ 🔧 setup.sh Shell 99L · 2.5 KB
├─ 📁 src
│ ├─ 🐍 __init__.py Python 31L · 727 B
│ ├─ 🐍 config_loader.py Python 165L · 5.4 KB
│ ├─ 🐍 payment_api_client.py Python 219L · 6.6 KB
│ ├─ 🐍 payment_skill.py Python 389L · 13.0 KB
│ ├─ 📋 payment_skill.yaml YAML 75L · 1.6 KB
│ ├─ 🐍 security.py Python 191L · 6.0 KB
│ └─ 🐍 utils.py Python 320L · 7.9 KB
├─ 📋 _meta.json JSON 14L · 310 B
├─ 🐍 skill_cli.py Python 228L · 7.3 KB
└─ 📝 SKILL.md Markdown 225L · 4.9 KB

Dependencies 5 items

PackageVersionSourceKnown VulnsNotes
aiohttp 3.9.5 (py38) / 3.6.3 (py36) pip No Version pinned for py38, py36 uses older version
pydantic 2.7.0 (py38) / 1.8.2 (py36) pip No Major version differs between py38/py36
cryptography 42.0.5 (py38) / 3.4.8 (py36) pip No Version pinned for py38
pycryptodome 3.19.1 (py38) / 3.10.4 (py36) pip No Version pinned for py38
pytest 8.2.0 (py38) / 6.2.5 (py36) pip No Version pinned for py38

Security Positives

✓ Uses HMAC-SHA256 for request signing (line: payment_api_client.py:109)
✓ AES-GCM encryption for sensitive fields (src/security.py:155-162)
✓ Input validation and sanitization to prevent injection attacks (src/security.py:32-60)
✓ Async HTTP client with proper timeout handling (aiohttp.ClientTimeout)
✓ Transaction IDs generated with UUID for uniqueness (src/utils.py:15)
✓ Dependencies mostly version-pinned in requirements.txt (except py36)
✓ Good error handling with specific error codes
✓ No obfuscated code, base64 payloads, or suspicious encoding patterns
✓ No attempts to access ~/.ssh, ~/.aws, or other sensitive paths
✓ No credential exfiltration or C2 communication patterns