Skill Trust Decision

amazon-screenshot

Name: amazon-screenshot Trust Review Report
Item: amazon-screenshot
Rating: 60
Author: ClawSafe

核心功能为合法的亚马逊ASIN截图工具，但存在多处阴影行为：硬编码SMTP凭证未声明、Chrome以有头模式访问用户真实登录会话、子进程执行环境检测，构成文档-行为不符风险。

Install decision first Source: ClawHub Scanned: 23 hr ago

Files 9

Artifacts 7

Violations 2

Findings 5

Most direct threat evidence

High Credential Theft

硬编码SMTP服务凭证（阴影功能）

代码中硬编码了飞书SMTP密码 rDs70BwDDg6U9YbO，关联账号 [email protected]。SKILL.md 仅描述「MOSS邮箱发送」功能，完全未提及凭证的存在。此凭证若被提取可用于以该身份发送任意邮件。

scripts/screenshot.js:51

Why this conclusion was reached

2/4 dimensions flagged

Block

Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

7 lower-risk artifacts were extracted and still need context.

Block

Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe findings.

Review

Dependencies and supply chain hygiene

4 dependency or supply-chain issues need attention.

What drove the risk score up

未声明的硬编码SMTP凭证 +20

代码中硬编码了飞书SMTP密码 rDs70BwDDg6U9YbO，SKILL.md 仅提到「MOSS邮箱」却未告知凭证存在，若泄露可被用于以 [email protected] 身份发送任意邮件

子进程执行未在文档声明 +10

autoDetectDisplay() 通过 execSync 执行 python3 脚本遍历 X11 socket 检测 DISPLAY，SKILL.md 仅描述「自动检测」未提及底层 subprocess 调用

Chrome有头模式+持久Profile高权限访问 +10

headless:false + 持久化 chrome_profile/ 目录意味着代码运行在用户真实Chrome窗口中，可访问所有登录态/Cookie，SKILL.md 未明确此风险

Most important evidence

High Credential Theft

硬编码SMTP服务凭证（阴影功能）

scripts/screenshot.js:51

将凭证移至环境变量或加密配置文件，运行时注入；文档中明确说明凭证管理方式。

Medium Priv Escalation

Chrome有头模式+持久化Profile访问真实用户会话

headless:false + USER_DATA_DIR 指向 chrome_profile/ 意味着Playwright Chrome运行于用户真实X11窗口，可访问用户所有登录态、Cookie、缓存。代码可操控用户真实浏览器行为，权限远超「截图」所需。

scripts/screenshot.js:119

文档应明确警示此配置意味着使用用户真实Chrome会话；考虑使用独立临时Profile而非持久化Profile。

Medium RCE

子进程执行未声明（阴影功能）

autoDetectDisplay() 通过 execSync 执行 python3 内联脚本，遍历 /tmp/.X11-unix/ 检测当前活跃X Display编号，SKILL.md 仅描述「DISPLAY自动检测」未提及底层subprocess调用。

scripts/screenshot.js:34

文档声明shell执行能力，或使用纯Node.js方案替代subprocess。

Low Supply Chain

npm依赖无版本锁定

package.json 和 scripts/package.json 中依赖均使用 ^ 允许次版本升级，存在依赖被篡改风险（如 nodemailer、playwright）。

package.json:1

将依赖版本锁定至精确版本（如 nodemailer: 8.0.7），定期审计已知漏洞。

Low Doc Mismatch

邮件发送能力声明模糊

SKILL.md 描述「通过MOSS邮箱发送」，但未明确说明通过SMTP协议发送到外部邮件服务商（smtp.feishu.cn），也未声明附件ZIP的传输路径。

SKILL.md:1

补充说明邮件传输方式和外部服务依赖。

Declared capability vs actual capability

Filesystem Pass

Declared WRITE

→

Inferred WRITE

scripts/screenshot.js:126 写入PNG截图和ZIP压缩包

Network Block

Declared READ

→

Inferred READ+WRITE

scripts/screenshot.js:168-202 通过 nodemailer SMTP 向外部服务器发送邮件+附件（WRITE未声明）

Shell Block

Declared NONE

→

Inferred WRITE

scripts/screenshot.js:34 execSync('python3 - <<EOF...') 执行子进程检测X11 display

Browser Pass

Declared READ

→

Inferred READ

scripts/screenshot.js:119-148 通过Playwright+Chrome截图，能力与声明一致

Suspicious artifacts and egress

Medium External URL

https://www.amazon.com/https://www.amazon.com/

chrome_profile/Default/Service Worker/CacheStorage/2a1c18365e83cb6e1347464058faa3d44e45a31c/index.txt:11

Medium External URL

https://www.patreon.com/feross

scripts/package-lock.json:84

Medium External URL

https://feross.org/support

scripts/package-lock.json:88

Medium External URL

https://www.amazon.com/dp/$

scripts/screenshot.js:65

Medium External URL

https://www.amazon.com

scripts/screenshot.js:135

Info Email

[email protected]

SKILL.md:10

Info Email

[email protected]

SKILL.md:30

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
nodemailer	`^8.0.7`	npm	No	无版本锁定，邮件发送核心依赖
playwright	`^1.59.1`	npm	No	无版本锁定，浏览器自动化依赖
playwright-extra	`^4.3.6`	npm	No	无版本锁定
archiver	`^8.0.0`	npm	No	scripts目录，无版本锁定
docx	`^9.6.1`	npm	No	scripts目录，未在主代码中引用，可能未使用

File composition

9 files · 1436 lines

JSON 6 files · 974 linesJavaScript 1 files · 373 linesMarkdown 1 files · 79 linesText 1 files · 10 lines

Files of concern · 5

scripts/package-lock.json JSON · 827 lines

https://www.patreon.com/feross · https://feross.org/support

scripts/screenshot.js JavaScript · 373 lines

硬编码SMTP服务凭证（阴影功能） · Chrome有头模式+持久化Profile访问真实用户会话 · 子进程执行未声明（阴影功能） · https://www.amazon.com/dp/$ · https://www.amazon.com

SKILL.md Markdown · 79 lines

邮件发送能力声明模糊 · [email protected] · [email protected]

chrome_profile/Default/Service Worker/CacheStorage/2a1c18365e83cb6e1347464058faa3d44e45a31c/index.txt Text · 10 lines

https://www.amazon.com/https://www.amazon.com/

package.json JSON · 8 lines

npm依赖无版本锁定

Other files · package-lock.json · package.json · metadata.json · metadata.json

Security positives

功能逻辑清晰，主要功能（ASIN截图→ZIP→邮件）与文档描述一致

邮箱域名白名单限制（@campsnail.com）防止邮件滥用

并发锁机制防止重复执行

截图/ZIP发送后自动清理，不持久化数据

任务完成后主动通知用户，无静默失败

无凭证收割、远程代码执行、反向Shell等典型恶意行为