Low risk: risk score 22/100
Last scan: 1 day ago
携程笔记全自动发布 (Ctrip Notes fully automated publishing)
A fully automated publishing skill for the Ctrip Content Center: it searches Bing Images for high-resolution copyright-free images, fills in the title and body text, uploads the images, selects the destination, and clicks publish, all automatically.
The skill implements legitimate Ctrip auto-publishing via Chrome browser automation, but it makes undeclared use of AppleScript shell execution, and its documentation does not match the code: SKILL.md describes a CDP protocol approach while the scripts use osascript.
Skill name: 携程笔记全自动发布
Analysis time: 35.5s
Engine: pi
Verdict: can be installed
Recommendations: declare the shell:WRITE permission in SKILL.md if AppleScript/subprocess usage is intentional; align SKILL.md's stated CDP WebSocket approach with the actual osascript implementation; pin the Playwright dependency in publish.sh.

Security findings (3)

Finding 1 (Medium): Undeclared shell execution via osascript. Category: documentation deception.
Both auto_fill.py and ctrip_auto_publish.py use subprocess.run() to execute osascript commands for Chrome browser control. This is shell:WRITE behavior that is not declared anywhere in SKILL.md, which only mentions the CDP WebSocket protocol.
Evidence: subprocess.run(['osascript', '-e', script], capture_output=True, text=True)
→ Add shell:WRITE to the declared capability map in SKILL.md if the AppleScript subprocess is a core mechanism.
Location: scripts/ctrip_auto_publish.py:52

Finding 2 (Medium): SKILL.md claims CDP WebSocket but the code uses AppleScript. Category: documentation deception.
The SKILL.md section '技术实现' (technical implementation) states '使用 OpenClaw 浏览器自动化 + CDP 协议' (uses OpenClaw browser automation + the CDP protocol) and provides a CDP WebSocket upload example. However, all Python scripts actually use osascript subprocess calls to control Chrome via AppleScript DOM scripting, not CDP. This is a documentation mismatch.
Evidence: 使用 OpenClaw 浏览器自动化 + CDP 协议
→ Update SKILL.md to accurately describe the AppleScript-based browser automation approach, or refactor the scripts to use the stated CDP WebSocket method.
Location: SKILL.md:42

Finding 3 (Low): Unpinned Playwright dependency in publish.sh. Category: supply chain.
publish.sh runs 'pip3 install playwright' without version pinning or a requirements.txt, which could result in installing a different version with different behavior or known vulnerabilities.
Evidence: pip3 install playwright
→ Pin the Playwright version: pip3 install playwright==x.x.x
Location: scripts/publish.sh:14
Permission analysis

Resource type | Declared | Inferred | Status | Evidence
--- | --- | --- | --- | ---
Filesystem | WRITE | WRITE | ✓ consistent | SKILL.md and scripts/ write to /tmp/openclaw/uploads/ and ~/.qclaw/workspace/
Network access | READ | READ | ✓ consistent | SKILL.md; scripts access Bing Images and Ctrip URLs
Browser | READ | READ | ✓ consistent | SKILL.md; scripts control Chrome via osascript DOM manipulation
Command execution | NONE | WRITE | ✗ exceeds declaration | auto_fill.py:14 subprocess.run(['osascript']); ctrip_auto_publish.py:37+52+69 su…
Environment variables | NONE | NONE | | No env var access observed
Clipboard | NONE | NONE | | No clipboard access observed
Database | NONE | NONE | | No database access observed
Skill invocation | NONE | NONE | | No cross-skill invocation observed
External URLs (5 findings)

Severity | Type | URL | Location
--- | --- | --- | ---
Medium | External URL | https://we.ctrip.com/publish/publishPictureText | SKILL.md:65
Medium | External URL | https://we.ctrip.com/publish/publishHome | SKILL.md:170
Medium | External URL | https://we.ctrip.com/publish/contentManagement | SKILL.md:171
Medium | External URL | https://we.ctrip.com/publish/detail?articleType=1 | scripts/publish.py:15
Medium | External URL | https://we.ctrip.com/publish/detail?articleType=2 | scripts/publish.py:16

Directory structure

7 files · 26.4 KB · 885 lines
Python: 4 files · 684 lines; Markdown: 1 file · 170 lines; Shell: 1 file · 21 lines; JSON: 1 file · 10 lines
├─ 📁 scripts
│ ├─ 🐍 auto_fill.py Python 169L · 5.2 KB
│ ├─ 🐍 ctrip_auto_publish.py Python 340L · 10.4 KB
│ ├─ 🐍 generate_script.py Python 143L · 4.5 KB
│ ├─ 🐍 publish.py Python 32L · 849 B
│ └─ 🔧 publish.sh Shell 21L · 494 B
├─ 📋 _meta.json JSON 10L · 283 B
└─ 📝 SKILL.md Markdown 170L · 4.6 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
--- | --- | --- | --- | ---
playwright | * | pip3 | | Version not pinned in publish.sh
websockets | not used | pip | | Listed in SKILL.md but not used in any script

Security highlights

✓ No credential harvesting or environment variable enumeration observed
✓ No data exfiltration or external C2 communication detected
✓ No obfuscation, base64-encoded payloads, or anti-analysis techniques
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, keychain)
✓ No reverse shell, RCE payloads, or privilege escalation attempts
✓ No hidden HTML comments or prompt injection instructions
✓ Content and destinations are hardcoded sample travel data, not user data theft
✓ Filesystem write scope is limited to /tmp and ~/.qclaw/workspace, both non-sensitive