中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 45/100
上次扫描:1 天前 重新扫描
45 /100
flyai-transit-tour
中转不浪费攻略助手 - 帮用户把中转等待变成免费旅行,找到中转能玩的航班方案
Skill declares no permissions but workflow.md requires shell:WRITE for npm install, filesystem access to ~/.flyai/, and contains TLS bypass with undeclared external dependencies.
技能名称flyai-transit-tour
分析耗时44.6s
引擎pi
谨慎使用
SKILL.md must be updated to declare shell:WRITE (npm install -g), filesystem:WRITE (~/.flyai/), and filesystem:READ (~/.flyai/) permissions. Pin FlyAI CLI to a specific version instead of @latest.

安全发现 5 项

严重性 安全发现 位置
高危
Undeclared shell execution in workflow 文档欺骗
SKILL.md declares no permissions, but reference/workflow.md requires executing 'npm install -g @fly-ai/flyai-cli@latest' which is shell:WRITE level.
npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org
→ Add shell:WRITE to declared permissions in SKILL.md frontmatter or remove inline CLI installation.
 reference/workflow.md:11
高危
Undeclared filesystem access for user profile storage 文档欺骗
user-profile-storage.md reads/writes to ~/.flyai/user-profile.md without declaring filesystem:READ or filesystem:WRITE permissions.
read_file(file_path="~/.flyai/user-profile.md")
→ Declare filesystem:READ and filesystem:WRITE permissions in SKILL.md for ~/.flyai/ path access.
 reference/user-profile-storage.md:55
中危
Unpinned dependency version 供应链
npm install uses @fly-ai/flyai-cli@latest which fetches the latest version without pinning, risking supply chain attacks.
@fly-ai/flyai-cli@latest
→ Pin to a specific version (e.g., @fly-ai/[email protected]) to ensure reproducible and secure builds.
 reference/workflow.md:11
中危
TLS verification bypass 敏感访问
Workflow instructs to set NODE_TLS_REJECT_UNAUTHORIZED=0 to bypass SSL certificate verification, exposing connections to MITM attacks.
NODE_TLS_REJECT_UNAUTHORIZED=0 flyai <command>
→ Investigate root cause of SSL errors and fix CA certificates rather than disabling verification.
 reference/workflow.md:17
低危
Reference files contain executable patterns 文档欺骗
Reference markdown files contain bash commands that would need to be executed as shell commands if used as scripts.
flyai --help
→ Clearly document whether reference files are documentation or executable scripts.
 reference/workflow.md:36
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✗ 越权 reference/workflow.md:11 - npm install -g @fly-ai/flyai-cli
文件系统 NONE WRITE ✗ 越权 reference/user-profile-storage.md - mkdir -p ~/.flyai, write ~/.flyai/user-profi…
文件系统 NONE READ ✗ 越权 reference/user-profile-storage.md - read ~/.flyai/user-profile.md
网络访问 NONE READ ✗ 越权 reference/workflow.md:11 - downloads CLI from registry.npmjs.org
4 项发现
🔗
中危 外部 URL 外部 URL
https://img.alicdn.com/...
reference/search-hotel.md:44
🔗
中危 外部 URL 外部 URL
https://img.alicdn.com/tfscom/...
reference/search-poi.md:32
🔗
中危 外部 URL 外部 URL
https://nodejs.org/
reference/workflow.md:19
🔗
中危 外部 URL 外部 URL
https://registry.npmmirror.com
reference/workflow.md:21

目录结构

13 文件 · 33.4 KB · 1035 行
Markdown 13f · 1035L
├─ 📁 reference
│ ├─ 📝 ai-search.md Markdown 26L · 659 B
│ ├─ 📝 airport-guide.md Markdown 11L · 476 B
│ ├─ 📝 examples.md Markdown 26L · 710 B
│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB
│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB
│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB
│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB
│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B
│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB
│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB
│ ├─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB
│ └─ 📝 workflow.md Markdown 279L · 9.7 KB
└─ 📝 SKILL.md Markdown 91L · 3.9 KB

依赖分析 1 项

包名版本来源已知漏洞备注
@fly-ai/flyai-cli latest (unpinned) npm registry.npmjs.org No version pinning - could fetch malicious updates

安全亮点

✓ No executable scripts (Python, JS, shell) present - only Markdown documentation
✓ No credential harvesting or environment variable iteration observed
✓ No base64-encoded payloads or obfuscation techniques detected
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env access)
✓ No reverse shell, C2 communication, or data exfiltration patterns
✓ No supply chain typosquatting detected (package name is descriptive)