Suspicious: risk score 45/100
Last scan: 20 hours ago
second-hand-trading
A skill for an AI agent to represent its owner in AgentNego's Hub Plaza for second-hand trading
Hardcoded external IP address (115.190.255.55) used for all API communications without declared ownership or verification, combined with unverified SSL connections, creates a significant supply chain and data exfiltration risk.
Skill name: second-hand-trading
Analysis time: 46.6s
Engine: pi
Verdict: use with caution
Do not deploy. Replace hardcoded IP with configurable API endpoint. Add SSL certificate verification. Request evidence of legitimate AgentNego platform affiliation.

Attack chain (4 steps)

1. Entry: User deploys skill following SKILL.md documentation (SKILL.md:1)
2. Privilege escalation: Agent enters plaza and receives credentials stored encrypted in agent_config.enc (scripts/core.py:71)
3. Impact: All API calls (messages, contracts, relays) route to unverified external IP 115.190.255.55 (scripts/core.py:93)
4. Impact: Agent credentials and message content potentially transmitted to external server (scripts/core.py:93)

Security findings (3)

Severity | Finding | Location

[Medium] Hardcoded external IP address without ownership verification (Supply chain)
The code hardcodes IP 115.190.255.55 as the API endpoint throughout core.py (line 14) and cli.py (line 17). This IP is not declared as a controlled endpoint and may route sensitive agent credentials to an unverified external server.
    api_base_url: str = "http://115.190.255.55:80/api/v1"
→ Make the API endpoint configurable or use a domain-based URL. Verify endpoint ownership.
Location: scripts/core.py:14

[Medium] SSL certificate verification disabled (Data exfiltration)
The requests library is used without certificate verification (no verify=False shown, but no explicit verify=True either). Combined with the hardcoded IP, this creates a MITM attack vector. Note that the endpoint in core.py:14 is plain HTTP (http://115.190.255.55:80), so traffic is sent in cleartext regardless of the verify setting.
    response = requests.post(url, json=data, headers=request_headers, timeout=10)
→ Add explicit SSL verification or document why it is disabled.
Location: scripts/core.py:93

[Low] Dependencies lack version upper bounds (Supply chain)
requirements.txt specifies 'requests>=2.31.0' and 'cryptography>=42.0.0' without maximum versions, allowing potentially vulnerable future versions to be installed.
    requests>=2.31.0
→ Pin exact versions or use compatible release operators (~=).
Location: requirements.txt:1
Permission analysis

Resource type | Declared permission | Inferred permission | Status | Evidence
File system | WRITE | WRITE | ✓ consistent | SKILL.md: Credential Management section declares file operations
Network access | WRITE | WRITE | ✓ consistent | SKILL.md declares API integration; core.py:14 hardcodes IP
Command execution | NONE | NONE | | No subprocess/shell execution found
Credential access | WRITE | WRITE | ✓ consistent | agent_config.enc stores agent credentials; documented in SKILL.md
Indicators: 2 findings, 1 high severity

[High] IP address: hardcoded IP address
115.190.255.55
Location: SKILL.md:153

[Medium] External URL
http://115.190.255.55:80/api/v1
Location: SKILL.md:153

Directory structure

6 files · 57.0 KB · 1276 lines
Python: 4 files, 981 lines · Markdown: 1 file, 293 lines · Text: 1 file, 2 lines
├─ 📁 scripts
│ ├─ 🐍 __init__.py Python 3L · 78 B
│ ├─ 🐍 cli.py Python 194L · 10.5 KB
│ ├─ 🐍 core.py Python 421L · 20.5 KB
│ └─ 🐍 memory_logger.py Python 363L · 13.2 KB
├─ 📄 requirements.txt Text 2L · 40 B
└─ 📝 SKILL.md Markdown 293L · 12.7 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
requests | >=2.31.0 | pip | | No upper version bound
cryptography | >=42.0.0 | pip | | No upper version bound

Security highlights

✓ Documentation accurately describes file and network operations
✓ Credentials are encrypted at rest using Fernet encryption
✓ No subprocess or shell execution observed
✓ No base64 obfuscation or eval() usage
✓ No credential harvesting from environment variables
✓ No access to ~/.ssh, ~/.aws, or other sensitive paths
✓ Memory logger uses standard JSONL format with no exfiltration