中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 55/100
Last scan:1 day ago Rescan
55 /100
buy-domain-helper
3-layer site launcher: tunnel any HTML instantly, deploy to Cloudflare Pages, then buy a domain and link it via DNS
Skill has multiple undeclared shell execution patterns, supply-chain risk from npx -y arbitrary package execution, and potential command injection from unsanitized user inputs passed to wrangler CLI.
Skill Namebuy-domain-helper
Duration48.4s
Enginepi
Use with caution
Remove npx -y serve; pin it as a project dependency. Sanitize projectName and dir arguments before shell interpolation. Declare all env vars (NETA_TOKEN, CF_API_TOKEN, CF_ACCOUNT_ID) in SKILL.md env. Replace execSync('brew install') with explicit dependency requirement.

Findings 5 items

Severity Finding Location
High
Undeclared shell execution via execSync and spawn Priv Escalation
site.js performs execSync('which cloudflared'), execSync('brew install cloudflared'), execSync(wrangler ...), spawn('cloudflared'...), spawn('npx'...) — all shell execution — but SKILL.md declares env:[] and only lists bins:[node,cloudflared,wrangler] with no shell or network declarations.
execSync('which cloudflared', ...); execSync('brew install cloudflared', ...); spawn('npx', ['-y', 'serve', ...]); execSync(`wrangler pages deploy...`)
→ Declare shell:WRITE and network:READ in SKILL.md metadata. Replace brew install with a clear error message requiring manual installation. Remove npx serve or pin it as a dependency.
 site.js:70-71, 90, 102
High
npx -y serve downloads and executes arbitrary unpinned npm package at runtime Supply Chain
site.js line 90 executes 'npx -y serve' to serve static files before tunneling. This downloads and runs the latest 'serve' package from npm without version pinning, creating a supply-chain attack vector. The serve package is not in package.json dependencies.
const serveProc = spawn('npx', ['-y', 'serve', target, '-p', '8080', '-s'], { stdio: 'ignore' });
→ Add 'serve' as a pinned dependency in package.json and invoke it via local node_modules instead of npx.
 site.js:90
Medium
NETA_TOKEN environment variable declared in package.json but absent from SKILL.md Doc Mismatch
package.json clawhub.env section declares a required NETA_TOKEN env var for 'Neta AI API token', but SKILL.md declares env:[] (empty array). This undeclared environment dependency is a doc-to-code mismatch.
{"name": "NETA_TOKEN", "description": "Neta AI API token. Get it at https://www.neta.art/open/", "required": true}
→ Add NETA_TOKEN to SKILL.md env array with description, or remove from package.json if unused in site.js.
 package.json:7
Medium
Command injection risk: unsanitized user inputs in shell commands RCE
execSync on line 102-103 interpolates projectName and dir (from user-provided CLI args) directly into a shell command string passed to wrangler. While wrangler likely handles this safely, passing arbitrary strings to shell without validation is risky.
execSync(`wrangler pages deploy "${dir}" --project-name "${projectName}" --branch main 2>&1`, { env })
→ Validate that projectName matches expected pattern (alphanumeric, hyphens). Enforce dir exists and is within expected paths.
 site.js:102
Medium
Full process.env inherited by child processes Priv Escalation
site.js line 104 passes the entire process.env to wrangler via env:{...process.env, CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID}. This exposes all environment variables (including potentially sensitive ones) to the child process.
const env = { ...process.env, CLOUDFLARE_API_TOKEN: TOKEN, CLOUDFLARE_ACCOUNT_ID: ACCOUNT };
→ Pass only the specific environment variables needed (CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, PATH) without spreading process.env.
 site.js:104
ResourceDeclaredInferredStatusEvidence
Shell NONE WRITE ✗ Violation site.js:70 execSync('which cloudflared'); site.js:71 execSync('brew install clou…
Network NONE READ ✗ Violation site.js:26 fetches api.cloudflare.com; site.js:90 spawns npx which reaches npm r…
Environment NONE READ ✗ Violation site.js:29-30 reads CF_API_TOKEN, CF_ACCOUNT_ID; site.js:104 passes full process…
Filesystem NONE WRITE ✗ Violation site.js:90 npx serve writes to disk in /tmp; wrangler deploy writes build artifa…
8 findings
🔗
Medium External URL 外部 URL
https://abc.trycloudflare.com
README.md:41
🔗
Medium External URL 外部 URL
https://*.trycloudflare.com
README.md:65
🔗
Medium External URL 外部 URL
https://dash.cloudflare.com/profile/api-tokens
README.md:81
🔗
Medium External URL 外部 URL
https://abc123.my-site.pages.dev
README.md:88
🔗
Medium External URL 外部 URL
https://dash.cloudflare.com/
README.md:110
🔗
Medium External URL 外部 URL
https://mysite.com
README.md:149
🔗
Medium External URL 外部 URL
https://www.neta.art/open/
package.json:9
🔗
Medium External URL 外部 URL
https://api.cloudflare.com/client/v4
site.js:26

File Tree

4 files · 15.4 KB · 420 lines
Markdown 2f · 240L JavaScript 1f · 166L JSON 1f · 14L
├─ 📋 package.json JSON 14L · 268 B
├─ 📝 README.md Markdown 191L · 5.9 KB
├─ 📜 site.js JavaScript 166L · 7.4 KB
└─ 📝 SKILL.md Markdown 49L · 1.8 KB

Dependencies 3 items

PackageVersionSourceKnown VulnsNotes
serve unpinned npm (via npx -y) No Not listed in package.json; downloaded at runtime via npx -y without version pin — supply-chain risk
cloudflared unpinned Homebrew No Installed via brew install if missing, not declared in package.json
wrangler unpinned npm/global No Required binary, not declared in package.json

Security Positives

✓ No credential exfiltration — tokens are used only for Cloudflare API calls
✓ README.md is thorough and transparently documents the tunnel, pages, and DNS layers
✓ No base64-encoded payloads or obfuscated code
✓ No attempt to access ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No persistence mechanisms (cron, startup hooks, backdoors) detected
✓ API calls are limited to official Cloudflare API endpoints