中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:1 天前 重新扫描
20 /100
flyai-instant-departure
极限出发助手——X小时内能到哪?不是"想去哪搜机票",而是"就现在出发,最快能到哪"。
Pure Markdown documentation package with no executable code - all capabilities (shell commands, file access, network requests) are clearly documented in SKILL.md and reference files.
技能名称flyai-instant-departure
分析耗时36.0s
引擎pi
可以安装
Approve for use. The documented NODE_TLS_REJECT_UNAUTHORIZED=0 bypass is a minor concern but is explicitly declared. No hidden functionality detected.

安全发现 2 项

严重性 安全发现 位置
低危
Documented SSL certificate bypass 文档欺骗
workflow.md documents NODE_TLS_REJECT_UNAUTHORIZED=0 to bypass SSL verification for FlyAI CLI commands. This is a security concern but is explicitly declared.
NODE_TLS_REJECT_UNAUTHORIZED=0 flyai <command>
→ Consider using proper certificate management instead of disabling SSL verification, or document the security implications clearly.
 reference/workflow.md:48
低危
Accesses user home directory 敏感访问
References ~/.flyai/user-profile.md for storing user preferences. This is declared and reasonable for a travel planning skill.
~/.flyai/user-profile.md
→ No action required - access pattern is declared and necessary for the feature.
 reference/user-profile-storage.md:52
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md:16 - reads ~/.flyai/user-profile.md
网络访问 READ READ ✓ 一致 SKILL.md:5-6 - uses search-flight, search-hotel, search-poi APIs
命令执行 WRITE WRITE ✓ 一致 workflow.md:10 - npm install -g @fly-ai/flyai-cli
环境变量 READ READ ✓ 一致 workflow.md:48 - NODE_TLS_REJECT_UNAUTHORIZED=0
技能调用 READ READ ✓ 一致 SKILL.md:15 - search_memory, update_memory, ask_user_question
5 项发现
🔗
中危 外部 URL 外部 URL
https://img.alicdn.com/...
reference/search-hotel.md:44
🔗
中危 外部 URL 外部 URL
https://img.alicdn.com/tfscom/...
reference/search-poi.md:32
🔗
中危 外部 URL 外部 URL
https://nodejs.org/
reference/workflow.md:19
🔗
中危 外部 URL 外部 URL
https://registry.npmmirror.com
reference/workflow.md:21
🔗
中危 外部 URL 外部 URL
https://www.fliggy.com/xxx
reference/workflow.md:182

目录结构

12 文件 · 30.0 KB · 961 行
Markdown 12f · 961L
├─ 📁 reference
│ ├─ 📝 ai-search.md Markdown 26L · 659 B
│ ├─ 📝 examples.md Markdown 51L · 1.6 KB
│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB
│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB
│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB
│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB
│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B
│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB
│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB
│ ├─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB
│ └─ 📝 workflow.md Markdown 188L · 5.9 KB
└─ 📝 SKILL.md Markdown 94L · 3.9 KB

安全亮点

✓ No executable code - purely Markdown documentation
✓ All capabilities clearly documented in SKILL.md
✓ No obfuscation or base64-encoded payloads
✓ No credential harvesting or data exfiltration
✓ No reverse shell or C2 communication patterns
✓ User profile storage is optional and declared
✓ External URLs are documented reference links only