Skill Trust Decision

dating

The main Skill's own declaration is clear, but the submodules' collection behavior exceeds the scope of the dating scenario, and check_manobrowser.sh connecting to an external data-collection service endpoint creates a risk of shadow data transfer.

Source: ClawHub · Scanned: Apr 10, 2026
Files: 9 · Artifacts: 17 · Violations: 3 · Findings: 4
Most direct threat evidence

01 The user invokes the dating skill, which claims to analyze only public information (Entry · SKILL.md)
02 git clone is run automatically to download manoBrowser locally (Escalation · SKILL.md)
03 check_manobrowser.sh connects to an external API endpoint and transmits credentials (Escalation · scripts/check_manobrowser.sh)

Why this conclusion was reached

2/4 dimensions flagged

Block · Declared vs actual capability
3 undeclared or violating capabilities were inferred.

Review · Hidden execution and egress
17 lower-risk artifacts were extracted and still need context.

Block · Attack chain and severe findings
The report includes 4 attack-chain steps and 0 severe findings.

Review · Dependencies and supply chain hygiene
1 dependency or supply-chain issue needs attention.

Attack Chain

01 The user invokes the dating skill, which claims to analyze only public information
Entry · SKILL.md:1

02 git clone is run automatically to download manoBrowser locally
Escalation · SKILL.md:145

03 check_manobrowser.sh connects to an external API endpoint and transmits credentials
Escalation · scripts/check_manobrowser.sh:26

04 The submodules actually collect the full set of favorites/likes/follows data, exceeding the declared scope
Impact · xiaohongshu-deep-profile-collect/SKILL.md:1

What drove the risk score up

External endpoint connection not adequately declared (+20)
check_manobrowser.sh connects to datasaver.deepminingai.com/api/v2/; the purpose of the data transfer is unclear.

Automatic git clone with no confirmation mechanism (+10)
Step 0.1 automatically downloads manoBrowser from GitHub; the shell:WRITE permission is not declared.

Submodule collection scope exceeds the scenario (+10)
Dating declares that it collects only public content, but the submodules actually collect complete data including favorites, likes and follows.

Most important evidence

Medium · Data Exfil
ManoBrowser script connects to an external data-collection service endpoint

check_manobrowser.sh POSTs the API key and device information to the datasaver.deepminingai.com/api/v2/ endpoint. The endpoint's domain contains 'datasaver' and 'deepminingai', and the destination of the data flow is unclear. SKILL.md does not declare this external connection.

Location: scripts/check_manobrowser.sh:26
Recommendation: Explicitly declare the destination and purpose of the outbound data, or use a local MCP connection instead of an external relay.

Medium · Priv Escalation
Automatic git clone of an external dependency

Step 0.1 states that when manoBrowser is not found, git clone is run automatically. This requires the filesystem:WRITE and shell:WRITE permissions and executes code obtained from an external source.

Location: SKILL.md:145
Recommendation: Guide the user through a manual installation instead, or require explicit user authorization.

Medium · Doc Mismatch
Submodule collection scope does not match the main Skill's declaration

The dating SKILL.md claims to 'collect only public content, skipping favorites and likes', but the xiaohongshu/douyin/weibo/douban submodules explicitly contain code for full collection of favorites lists, likes lists and follow lists.

Location: xiaohongshu-deep-profile-collect/SKILL.md, douyin-deep-profile-collect/SKILL.md:1
Recommendation: The main Skill should fully declare the collection scope of the submodules it actually uses.

Low · Supply Chain
External dependency without version pinning

The git clone of ManoBrowser specifies no version, and check_manobrowser.sh depends on the external service datasaver.deepminingai.com, which creates supply-chain risk.

Location: SKILL.md:145, scripts/check_manobrowser.sh:26:1
Recommendation: Pin to a specific version tag or commit hash, and verify the identity of the external service.

Declared capability vs actual capability

Filesystem · Block
Declared NONE · Inferred WRITE
SKILL.md:145 git clone operation

Network · Block
Declared NONE · Inferred READ
check_manobrowser.sh:26 curl POST to an external endpoint

Shell · Block
Declared NONE · Inferred WRITE
SKILL.md:145 subprocess/git command

Suspicious artifacts and egress

Medium · External URL · https://www.bilibili.com · bilibili-deep-profile-collect/SKILL.md:49
Medium · External URL · https://api.bilibili.com/x/web-interface/nav · bilibili-deep-profile-collect/SKILL.md:65
Medium · External URL · https://space.bilibili.com/ · bilibili-deep-profile-collect/SKILL.md:95
Medium · External URL · https://api.bilibili.com/x/v3/fav/folder/created/list-all?up_mid= · bilibili-deep-profile-collect/SKILL.md:148
Medium · External URL · https://api.bilibili.com/x/v3/fav/resource/list?media_id= · bilibili-deep-profile-collect/SKILL.md:186
Medium · External URL · https://www.douban.com/mine/ · douban-deep-profile-collect/SKILL.md:47
Medium · External URL · https://movie.douban.com/people/ · douban-deep-profile-collect/SKILL.md:90
Medium · External URL · https://book.douban.com/people/ · douban-deep-profile-collect/SKILL.md:223
Medium · External URL · https://www.douban.com/people/ · douban-deep-profile-collect/SKILL.md:357
Medium · External URL · https://www.douyin.com/user/self · douyin-deep-profile-collect/SKILL.md:50
Medium · External URL · https://datasaver.deepminingai.com/api/v2/ · scripts/check_manobrowser.sh:26
Medium · External URL · https://weibo.com/ · weibo-deep-profile-collect/SKILL.md:45

Dependencies and supply chain

Package · Version · Source · Known vuln · Notes
ManoBrowser · latest (unversioned) · GitHub (git clone) · No · No version pinning; external code execution
datasaver.deepminingai.com · N/A · External API · No · Purpose of data transfer unclear

File composition

9 files · 2995 lines
Markdown 8 files · 2941 lines · Shell 1 file · 54 lines

Files of concern · 7
douban-deep-profile-collect/SKILL.md · Markdown · 479 lines
https://www.douban.com/mine/ · https://movie.douban.com/people/ · https://book.douban.com/people/ · https://www.douban.com/people/
xiaohongshu-deep-profile-collect/SKILL.md · Markdown · 491 lines
https://www.xiaohongshu.com/ · https://www.xiaohongshu.com
SKILL.md · Markdown · 447 lines
Automatic git clone of an external dependency
douyin-deep-profile-collect/SKILL.md · Markdown · 360 lines
https://www.douyin.com/user/self
bilibili-deep-profile-collect/SKILL.md · Markdown · 331 lines
https://www.bilibili.com · https://api.bilibili.com/x/web-interface/nav · https://space.bilibili.com/ · https://api.bilibili.com/x/v3/fav/folder/created/list-all?up_mid= · https://api.bilibili.com/x/v3/fav/resource/list?media_id=
weibo-deep-profile-collect/SKILL.md · Markdown · 287 lines
https://weibo.com/ · https://weibo.com/u/ · https://weibo.com/u/page/follow/ · https://weibo.com/u/page/fav/
scripts/check_manobrowser.sh · Shell · 54 lines
ManoBrowser script connects to an external data-collection service endpoint · https://datasaver.deepminingai.com/api/v2/

Other files · README.md · xiaokai_date_report.md

Security positives

The documentation structure is complete and the workflow is clear.
Data is stored locally in the clawcap-data/ directory and is not uploaded to third-party servers.
Privacy boundaries are explicitly declared (no logging into the other party's account, no inference of sensitive information).
The main Skill's positioning is reasonable (a date-preparation assistant).