Low risk: risk score 18/100
Last scan: 21 hours ago
medical-triage-booking
Consumer-facing medical triage. Based on the user's chief complaint, medical history and other information, it first performs safety triage and determines the department to register with, then filters the built-in hospital data to find the Top 3 most suitable hospitals/departments/doctors; it then provides Beijing 114/Jingtong registration tips, post-registration reminder suggestions, and a Baidu Maps route-planning link to the hospital.
A legitimate medical triage and route-planning skill with no malicious behavior detected; all network access and shell execution are declared in SKILL.md and serve documented purposes.
Skill name: medical-triage-booking
Analysis time: 34.2s
Engine: pi
Verdict: installable
No blocking action required. As a hardening measure, consider removing the hardcoded fallback key in baidu_route_link.py and failing with a clear error when BAIDU_MAP_AK is unset, as baidu_geocode.py already does.

Security findings: 2

Severity | Finding | Location

[Low] Hardcoded fallback Baidu API key in source (category: credential theft)
Location: scripts/baidu_route_link.py:129
baidu_route_link.py line 129 contains os.getenv('BAIDU_MAP_AK', 'wK1w1xlWg2Mg6SNLYyLMPl4NuYl9JIf8'). The key itself is not exfiltrated and is a public API key for Baidu Maps (a legitimate dependency), but a hardcoded fallback credential in source code is poor practice: when the operator's BAIDU_MAP_AK is unset, rotated or scoped, the skill silently runs on a key the operator did not choose, with no indication that their own key was not used.
    ak = os.getenv('BAIDU_MAP_AK', 'wK1w1xlWg2Mg6SNLYyLMPl4NuYl9JIf8')
→ Remove the hardcoded fallback key. Require BAIDU_MAP_AK to be explicitly set and fail with a clear error if it is missing (as baidu_geocode.py already does at line 27).

[Low] Environment variable access not declared in SKILL.md (category: sensitive access)
Location: scripts/baidu_geocode.py:26
BAIDU_MAP_AK is read from os.environ in two scripts (baidu_geocode.py:26 and baidu_route_link.py:129), but SKILL.md does not declare any environment variable access. The access is legitimate (the API key for Baidu Maps, a documented dependency), but declaring it would improve auditability.
    ak = os.getenv('BAIDU_MAP_AK')
→ Add a 'Required environment variables' section to SKILL.md listing BAIDU_MAP_AK.
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 SKILL.md invokes python3 scripts; scripts use subprocess only via OS python3 inv…
文件系统 READ READ ✓ 一致 Scripts read CSV files and triage rules; no writes observed
网络访问 READ READ ✓ 一致 Outbound calls to Baidu Maps APIs are declared and serve documented geocoding/ro…
环境变量 NONE READ ✓ 一致 Scripts read BAIDU_MAP_AK from os.environ (baidu_geocode.py:26, baidu_route_link…
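The two findings above (the literal fallback in baidu_route_link.py and the environment-variable read that SKILL.md never declares) and the environment-variable row of the permission table are three views of one check: which environment variables the scripts actually read, whether any read carries a hardcoded default, and whether SKILL.md lists those names. The Python below is an added example of that check; it is not code from the skill or from the scanner. It assumes SKILL.md lists its variables in backticks under a "Required environment variables" heading (the section name finding 2 recommends), and the script snippets and SKILL.md texts it audits are constructed stand-ins with a placeholder key, not the skill's real files. It also includes a require_env accessor of the fail-closed shape recommended for baidu_route_link.py.

```python
# Added example (not the skill's or the scanner's code): audit which environment
# variables a skill's scripts read, flag literal fallback values, and compare the
# names against those SKILL.md declares. All inputs below are constructed.
import ast
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class EnvRead:
    name: str               # environment variable name
    lineno: int             # line in the script where it is read
    default: Optional[str]  # literal fallback if one is hardcoded (the bad pattern)


def _is_os_attr(node: ast.AST, attr: str) -> bool:
    """True when `node` is the expression `os.<attr>`."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _str_const(node: ast.AST) -> Optional[str]:
    """The value of a string literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def find_env_reads(source: str) -> List[EnvRead]:
    """Find os.getenv(NAME[, default]), os.environ.get(NAME[, default]) and
    os.environ[NAME]. A non-empty string literal default is recorded as a
    hardcoded fallback; reads whose key is not a literal are skipped."""
    reads: List[EnvRead] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            f = node.func
            is_getenv = _is_os_attr(f, "getenv")
            is_environ_get = (isinstance(f, ast.Attribute) and f.attr == "get"
                              and _is_os_attr(f.value, "environ"))
            if not (is_getenv or is_environ_get) or not node.args:
                continue
            name = _str_const(node.args[0])
            if name is None:
                continue
            default = _str_const(node.args[1]) if len(node.args) > 1 else None
            reads.append(EnvRead(name, node.lineno, default or None))
        elif isinstance(node, ast.Subscript) and _is_os_attr(node.value, "environ"):
            name = _str_const(node.slice)  # Python 3.9+: the slice is the key node
            if name is not None:
                reads.append(EnvRead(name, node.lineno, None))
    reads.sort(key=lambda r: r.lineno)
    return reads


def declared_env_vars(skill_md: str,
                      heading: str = "Required environment variables") -> Set[str]:
    """Backticked UPPER_CASE names listed under `heading` in SKILL.md; the
    section ends at the next heading. (Assumed layout, per finding 2.)"""
    names: Set[str] = set()
    inside = False
    for line in skill_md.splitlines():
        if line.startswith("#"):
            inside = heading.lower() in line.lower()
            continue
        if inside:
            names.update(re.findall(r"`([A-Z][A-Z0-9_]+)`", line))
    return names


def audit(scripts: Dict[str, str], skill_md: str) -> Dict[str, List[str]]:
    """Cross-check every script against SKILL.md; returns both finding lists."""
    declared = declared_env_vars(skill_md)
    out: Dict[str, List[str]] = {"hardcoded_fallback": [], "undeclared": []}
    for path, src in scripts.items():
        for r in find_env_reads(src):
            if r.default is not None:
                out["hardcoded_fallback"].append(f"{path}:{r.lineno} {r.name}")
            if r.name not in declared:
                out["undeclared"].append(f"{path}:{r.lineno} {r.name}")
    return out


def require_env(name: str) -> str:
    """Fail-closed accessor: no silent fallback, a clear error when unset."""
    value = os.environ.get(name, "")
    if not value:
        raise RuntimeError(f"{name} is not set; export it before running this script")
    return value


# Constructed stand-ins for the two scripts and for SKILL.md (not the real files).
SCRIPTS = {
    "scripts/baidu_route_link.py":
        "import os\nak = os.getenv('BAIDU_MAP_AK', 'PLACEHOLDER_FALLBACK_KEY')\n",
    "scripts/baidu_geocode.py":
        "import os\nak = os.getenv('BAIDU_MAP_AK')\nif not ak:\n"
        "    raise SystemExit('BAIDU_MAP_AK not set')\n",
}
SKILL_MD_BEFORE = "# medical-triage-booking\n\nRuns `python3 scripts/triage_and_match.py`.\n"
SKILL_MD_AFTER = (SKILL_MD_BEFORE
                  + "\n## Required environment variables\n\n- `BAIDU_MAP_AK`: Baidu Maps API key\n")

if __name__ == "__main__":
    for label, md in (("before", SKILL_MD_BEFORE), ("after", SKILL_MD_AFTER)):
        print(label, audit(SCRIPTS, md))
```

Run against the constructed inputs, the "before" SKILL.md yields both findings on both scripts' reads, and the "after" SKILL.md clears the undeclared finding while the hardcoded fallback in baidu_route_link.py remains, which is the right outcome: declaring the variable does not fix the fallback, only removing the literal default (or routing every read through require_env) does.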
External URLs: 5 findings

Severity | Type | URL | Location
Medium | External URL | https://api.map.baidu.com/geocoding/v3/ | scripts/baidu_geocode.py:21
Medium | External URL | https://api.map.baidu.com/directionlite/v1/driving | scripts/baidu_route_link.py:30
Medium | External URL | https://api.map.baidu.com/directionlite/v1/walking | scripts/baidu_route_link.py:31
Medium | External URL | https://api.map.baidu.com/directionlite/v1/riding | scripts/baidu_route_link.py:32
Medium | External URL | http://api.map.baidu.com/direction? | scripts/baidu_route_link.py:101 (note: this link is built with plain http://, unlike the https API endpoints above)

Directory structure

6 files · 29.2 KB · 824 lines
Python 4 files · 638 lines; Markdown 2 files · 186 lines
├─ 📁 references
│ └─ 📝 triage_rules.md Markdown 39L · 1.8 KB
├─ 📁 scripts
│ ├─ 🐍 appointment_reminders.py Python 58L · 1.6 KB
│ ├─ 🐍 baidu_geocode.py Python 63L · 2.0 KB
│ ├─ 🐍 baidu_route_link.py Python 188L · 6.3 KB
│ └─ 🐍 triage_and_match.py Python 329L · 12.5 KB
└─ 📝 SKILL.md Markdown 147L · 5.0 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
BAIDU_MAP_AK | N/A | environment variable | (none listed) | API key for Baidu Maps geocoding/routing; read from env but not declared in SKILL.md

Security highlights

✓ No credential harvesting or exfiltration — only reads a legitimate Baidu Maps API key
✓ No base64-encoded or obfuscated code — all scripts are plain, readable Python
✓ No remote script execution (curl|bash, wget|sh) — only uses local python3 invocations
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No reverse shell, C2 communication, or data theft behavior
✓ SKILL.md accurately describes all scripts and their purposes
✓ CSV file access is scoped to a single, named hospital data file
✓ Network access is limited to documented Baidu Maps API endpoints
✓ No subprocess spawning of arbitrary shell commands beyond documented python3 script calls
✓ Clear emergency keyword detection to prioritize user safety