Suspicious: risk score 45/100
Last scanned: 18 hours ago
stock-prediction
Automated stock prediction workflow
Skill executes undeclared shell commands via subprocess with hardcoded Administrator paths, posing significant risk of unintended system modification.
Skill name: stock-prediction
Analysis time: 40.7s
Engine: pi
Use with caution
This skill should either be rejected or require explicit user confirmation before any shell command execution. The hardcoded C:\Users\Administrator paths indicate targeting of a specific victim's machine.

Security findings: 4

Severity / Finding / Location
High
Undeclared shell command execution (Documentation deception)
SKILL.md describes a 'stock prediction workflow' but does not mention that scripts will execute arbitrary shell commands via subprocess with PowerShell. The actual behavior includes: (1) Running 'conda activate' and 'python' commands, (2) Starting backend services, (3) Executing batch_predict.py scripts.
subprocess.run(['powershell', '-Command', cmd], cwd=PREDICT_DIR, capture_output=True, text=True)
→ Declare shell:WRITE permission and clearly document that the skill will execute Python scripts via subprocess/shell commands.
scripts/run_prediction.py:28
High
Hardcoded Administrator user paths indicate targeted attack (Privilege escalation)
All file paths are hardcoded to C:\Users\Administrator\Desktop\kronos. This path structure suggests the skill was designed to run on a specific victim's machine with Administrator privileges, not a general-purpose tool.
BACKEND_DIR = r"C:\Users\Administrator\Desktop\kronos\kronos-ai\backend"
→ This hardcoding is a major red flag. Legitimate skills use relative paths or user-provided paths, not hardcoded Administrator desktop paths.
scripts/health_check.py:14
Medium
Auto-startup service mechanism without user consent (Persistence)
The 'self-healing' feature automatically starts the backend service if health check fails. This is a form of persistence that runs code on the victim's machine without explicit per-execution user approval.
subprocess.Popen(['powershell', '-Command', cmd], cwd=BACKEND_DIR, creationflags=subprocess.CREATE_NEW_CONSOLE)
→ Require explicit user confirmation before starting services on their machine.
scripts/health_check.py:36
Medium
Hidden network behavior (Documentation deception)
SKILL.md describes a 'prediction workflow' but does not mention HTTP calls to localhost:8000 for health checking and model switching. This network activity is implicit in the workflow.
urllib.request.urlopen(req, timeout=5)
→ Document all network requests including target URLs and purposes.
scripts/health_check.py:21
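| Resource type | Declared permission | Inferred permission | Status | Evidence |
| Filesystem | NONE | WRITE | ✗ Exceeds declared | scripts/health_check.py:46 - subprocess.Popen starts service |
| Network access | NONE | READ | ✗ Exceeds declared | scripts/health_check.py:21 - urllib GET to localhost:8000 |
| Command execution | NONE | WRITE | ✗ Exceeds declared | scripts/run_prediction.py:28 - subprocess.run with powershell |
| Environment variables | NONE | READ | ✗ Exceeds declared | scripts/model_switch.py - uses conda environment activation |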

Directory structure

4 files · 9.7 KB · 335 lines
Python 3f · 238L Markdown 1f · 97L
├─ 📁 scripts
│ ├─ 🐍 health_check.py Python 79L · 2.0 KB
│ ├─ 🐍 model_switch.py Python 64L · 1.9 KB
│ └─ 🐍 run_prediction.py Python 95L · 2.6 KB
└─ 📝 SKILL.md Markdown 97L · 3.2 KB

Security highlights

✓ No evidence of credential harvesting (no access to ~/.ssh, ~/.aws, .env)
✓ No base64 encoding or obfuscation detected
✓ No external IP communications (only localhost)
✓ No C2 infrastructure indicators
✓ No supply chain risks (no external dependencies beyond standard library)