中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 18/100
Last scan:21 hr ago Rescan
18 /100
medical-triage-booking
面向C端医疗导诊。根据用户主诉、病史等信息先做安全分流和挂号科室判断,再从内置医院数据中筛选最适合的医院/科室/医生 Top 3;随后给出北京114/京通挂号提示、挂号后提醒建议,以及基于百度地图的到院路线规划链接。
A legitimate medical triage and route-planning skill with no malicious behavior detected; all network access and shell execution are declared in SKILL.md and serve documented purposes.
Skill Namemedical-triage-booking
Duration34.2s
Enginepi
Safe to install
No blocking action required. Consider pinning the Baidu Maps API key version and removing the hardcoded fallback key in baidu_route_link.py as a hardening measure.

Findings 2 items

Severity Finding Location
Low
Hardcoded fallback Baidu API key in source Credential Theft
baidu_route_link.py line 129 contains os.getenv('BAIDU_MAP_AK', 'wK1w1xlWg2Mg6SNLYyLMPl4NuYl9JIf8'). While the key itself is not exfiltrated and is a public API key for Baidu Maps (a legitimate dependency), hardcoding fallback credentials in source code is poor practice — if the key is rotated or scoped, the skill will silently use a key the operator may not intend.
ak = os.getenv('BAIDU_MAP_AK', 'wK1w1xlWg2Mg6SNLYyLMPl4NuYl9JIf8')
→ Remove the hardcoded fallback key. Require BAIDU_MAP_AK to be explicitly set; fail with a clear error if missing (as baidu_geocode.py already does at line 27).
 scripts/baidu_route_link.py:129
Low
Environment variable access not declared in SKILL.md Sensitive Access
BAIDU_MAP_AK is read from os.environ in two scripts but SKILL.md does not declare environment variable access. The access is legitimate (API key for Baidu Maps, a documented dependency), but transparency would improve auditability.
ak = os.getenv('BAIDU_MAP_AK')
→ Add a 'Required environment variables' section to SKILL.md listing BAIDU_MAP_AK.
 scripts/baidu_geocode.py:26
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned SKILL.md invokes python3 scripts; scripts use subprocess only via OS python3 inv…
Filesystem READ READ ✓ Aligned Scripts read CSV files and triage rules; no writes observed
Network READ READ ✓ Aligned Outbound calls to Baidu Maps APIs are declared and serve documented geocoding/ro…
Environment NONE READ ✓ Aligned Scripts read BAIDU_MAP_AK from os.environ (baidu_geocode.py:26, baidu_route_link…
5 findings
🔗
Medium External URL 外部 URL
https://api.map.baidu.com/geocoding/v3/
scripts/baidu_geocode.py:21
🔗
Medium External URL 外部 URL
https://api.map.baidu.com/directionlite/v1/driving
scripts/baidu_route_link.py:30
🔗
Medium External URL 外部 URL
https://api.map.baidu.com/directionlite/v1/walking
scripts/baidu_route_link.py:31
🔗
Medium External URL 外部 URL
https://api.map.baidu.com/directionlite/v1/riding
scripts/baidu_route_link.py:32
🔗
Medium External URL 外部 URL
http://api.map.baidu.com/direction?
scripts/baidu_route_link.py:101

File Tree

6 files · 29.2 KB · 824 lines
Python 4f · 638L Markdown 2f · 186L
├─ 📁 references
│ └─ 📝 triage_rules.md Markdown 39L · 1.8 KB
├─ 📁 scripts
│ ├─ 🐍 appointment_reminders.py Python 58L · 1.6 KB
│ ├─ 🐍 baidu_geocode.py Python 63L · 2.0 KB
│ ├─ 🐍 baidu_route_link.py Python 188L · 6.3 KB
│ └─ 🐍 triage_and_match.py Python 329L · 12.5 KB
└─ 📝 SKILL.md Markdown 147L · 5.0 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
BAIDU_MAP_AK N/A environment variable No API key for Baidu Maps geocoding/routing; read from env but not declared in SKILL.md

Security Positives

✓ No credential harvesting or exfiltration — only reads a legitimate Baidu Maps API key
✓ No base64-encoded or obfuscated code — all scripts are plain, readable Python
✓ No remote script execution (curl|bash, wget|sh) — only uses local python3 invocations
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No reverse shell, C2 communication, or data theft behavior
✓ SKILL.md accurately describes all scripts and their purposes
✓ CSV file access is scoped to a single, named hospital data file
✓ Network access is limited to documented Baidu Maps API endpoints
✓ No subprocess spawning of arbitrary shell commands beyond documented python3 script calls
✓ Clear emergency keyword detection to prioritize user safety