Security Decision Report

second-hand-trading

All API communication goes to a hardcoded external IP address (115.190.255.55) with no declared ownership or verification, and the documented endpoint is plain HTTP (http://115.190.255.55:80/api/v1), so nothing on the wire is verified or encrypted. Together these create a significant supply-chain and data-exfiltration risk.

Install decision first · Source: manual upload · Scanned: 2026/4/4
Files: 6
IOCs: 2
Capability overreach items: 0
Findings: 3
Most direct threat evidence
01
User deploys the skill by following the SKILL.md documentation · Initial entry · SKILL.md
02
Agent enters the plaza and receives credentials, stored encrypted in agent_config.enc · Persistence · scripts/core.py
03
All API calls (messages, contracts, relays) route to the unverified external IP 115.190.255.55 · Final impact · scripts/core.py

Why this conclusion

2 of 4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources are consistent with the inferred capabilities.

Block
Hidden execution and outbound connections

1 high-risk IOC or outbound signal extracted.

Block
Attack chain and high-risk findings

The report contains a 4-step attack chain and 0 high or critical findings.

Pass
Dependencies and supply-chain hygiene

A dependency structure is present, with no obvious high-risk alerts observed so far.

Attack chain

01
User deploys the skill by following the SKILL.md documentation

Initial entry · SKILL.md:1

02
Agent enters the plaza and receives credentials, stored encrypted in agent_config.enc

Persistence · scripts/core.py:71

03
All API calls (messages, contracts, relays) route to the unverified external IP 115.190.255.55

Final impact · scripts/core.py:93

04
Agent credentials and message content may be transmitted to that external server, over plain HTTP according to the documented endpoint

Final impact · scripts/core.py:93

What raised the risk score

Hardcoded external IP address +20

All API calls route to 115.190.255.55; no declared ownership and no platform verification

TLS not enforced on API connections +15

requests calls set no explicit verify argument, and the documented endpoint is plain http://, so traffic is open to interception and tampering on the path

No version upper bounds +10

Dependencies use >= without maximum versions, allowing supply-chain drift

Key evidence

Medium · Supply chain

Hardcoded external IP address without ownership verification

The code hardcodes IP 115.190.255.55 as the API endpoint in core.py (line 14) and cli.py (line 17). This IP is not declared as a controlled endpoint, and a raw IP cannot be tied to an owner the way a certificate-bearing hostname can; sensitive agent credentials may therefore be routed to an unverified external server.

scripts/core.py:14
Make the API endpoint configurable or use a domain-based HTTPS URL, and verify who owns the endpoint before trusting it.
Medium · Data exfiltration

TLS not enforced on API connections

The requests calls set no verify argument at all: no verify=False is present, but no explicit verify=True either. requests does verify certificates by default, so the real problem is the endpoint itself: the documented URL is http://115.190.255.55:80/api/v1, which carries no TLS, so credentials and message content cross the network in cleartext and an on-path attacker can read or modify them.

scripts/core.py:93
Serve the API over HTTPS, pass verify=True (or a pinned CA bundle) explicitly so the intent is visible to reviewers, and reject http:// endpoints at startup; if verification ever has to be relaxed, document why.
Low · Supply chain

Dependencies lack version upper bounds

requirements.txt specifies 'requests>=2.31.0' and 'cryptography>=42.0.0' with no maximum versions, so a future release that is broken or compromised would be installed automatically.

requirements.txt:1
Pin exact versions or use the compatible-release operator (~=), and pair the pin with a lockfile or hashes so the resolved versions are reproducible.
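
Added example (not the project's code) of the fix recommended for the two medium findings above: the endpoint is read from configuration rather than a source literal, only https:// URLs naming a hostname are accepted, bare IP literals and credentials embedded in the URL are refused, and the requests session sets certificate verification explicitly. The AGENT_API_BASE variable name, the api.example.com hostname and the function names are assumptions for illustration.

```python
"""Hardened endpoint handling for the agent's API client (added example).

Not the project's code. Assumed names: the AGENT_API_BASE environment
variable, api.example.com as a placeholder hostname, and the functions below.
"""
from __future__ import annotations

import ipaddress
import os
from collections.abc import Mapping
from urllib.parse import urlsplit

# Constructed for this example: the literal the report flags, and a hardened form.
WEAK_API_BASE = "http://115.190.255.55:80/api/v1"
HARDENED_API_BASE = "https://api.example.com/api/v1"  # assumed placeholder host


class EndpointPolicyError(ValueError):
    """Raised when an API base URL violates the endpoint policy."""


def validate_api_base(url: str, allowed_hosts: frozenset[str] = frozenset()) -> str:
    """Accept an API base only if it uses TLS and names a vetted host.

    Rules enforced:
      * scheme must be https: plain http sends credentials in cleartext
      * host must be a DNS name, never a bare IP literal, so certificate
        name checking can bind the endpoint to an owner
      * if allowed_hosts is non-empty, the host must be on that reviewed list
      * no userinfo in the URL
    Returns the base URL with any trailing slash removed.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise EndpointPolicyError(f"non-TLS scheme {parts.scheme!r} in {url!r}")
    if parts.username is not None or parts.password is not None:
        raise EndpointPolicyError("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise EndpointPolicyError(f"no host in {url!r}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a DNS name, which is what we want
    else:
        raise EndpointPolicyError(f"bare IP literal {host} is not an acceptable API host")
    if allowed_hosts and host not in allowed_hosts:
        raise EndpointPolicyError(f"host {host} is not on the reviewed allowlist")
    return url.rstrip("/")


def policy_violation(url: str, allowed_hosts: frozenset[str] = frozenset()) -> str | None:
    """Return the policy violation for url as text, or None if it is acceptable."""
    try:
        validate_api_base(url, allowed_hosts)
    except EndpointPolicyError as exc:
        return str(exc)
    return None


def load_api_base(env: Mapping[str, str] = os.environ,
                  allowed_hosts: frozenset[str] = frozenset()) -> str:
    """Read the endpoint from configuration instead of a source literal.

    There is deliberately no hardcoded fallback: a missing setting is a
    configuration error, not a reason to silently talk to a default server.
    """
    url = env.get("AGENT_API_BASE")  # assumed variable name
    if not url:
        raise EndpointPolicyError("AGENT_API_BASE is not set")
    return validate_api_base(url, allowed_hosts)


def make_session(ca_bundle: str | None = None):
    """Build a requests.Session with certificate verification set explicitly.

    requests verifies by default, but setting session.verify makes the intent
    visible to reviewers and lets an operator pin a private CA bundle.
    requests is imported here so the validation above stays stdlib-only.
    """
    import requests

    session = requests.Session()
    session.verify = ca_bundle if ca_bundle else True  # never False
    return session


if __name__ == "__main__":
    print("weak:", policy_violation(WEAK_API_BASE))
    print("hardened:", policy_violation(HARDENED_API_BASE, frozenset({"api.example.com"})))
```

Call load_api_base() once at startup and fail closed. The report's own literal is rejected on its scheme before the host is even examined, and an https variant of it (https://115.190.255.55/...) is still rejected for being an IP literal, which forces the endpoint to be named by a hostname that a certificate can vouch for.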

Declared vs. actual capabilities

File system · Pass
Declared: WRITE · Inferred: WRITE
SKILL.md, Credential Management section, declares file operations
Network access · Pass
Declared: WRITE · Inferred: WRITE
SKILL.md declares API integration; core.py:14 hardcodes the IP
Command execution · Pass
Declared: NONE · Inferred: NONE
No subprocess or shell execution found
Credential access · Pass
Declared: WRITE · Inferred: WRITE
agent_config.enc stores agent credentials; documented in SKILL.md

Suspicious artifacts and outbound connections

High · IP address
115.190.255.55

SKILL.md:153

Medium · External URL
http://115.190.255.55:80/api/v1

SKILL.md:153
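
Added example (not the scanner's code) of the extraction step behind the two rows above: it finds URLs and IPv4 literals in source lines, suppresses loopback and private addresses, rates a public IP literal high and a cleartext http:// URL to a public host medium, and collapses repeats into the distinct artifacts a report would list. The file names and lines it scans are constructed here to mirror the report, not copied from the project.

```python
"""Extracting network IOCs from source text (added example).

Not the scanner's code; it reconstructs the kind of check behind the
"IP address" and "external URL" rows above. The sample files and lines
are constructed for this example and are not the scanned project's files.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>)\]]+")

# Constructed sample content mirroring the report's IOCs plus two decoys.
SAMPLE_FILES = {
    "scripts/core.py": [
        'API_BASE = "http://115.190.255.55:80/api/v1"',
        'LOCAL_DEBUG_BASE = "http://127.0.0.1:8000/api/v1"',
    ],
    "SKILL.md": [
        "Point the agent at http://115.190.255.55:80/api/v1 before joining the plaza.",
        "Internal mirrors such as 10.0.0.5 are not contacted.",
    ],
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str      # "ip" or "url"
    value: str
    severity: str  # "high", "medium", "low" or "info"
    note: str


def _is_routable(host: str) -> bool:
    """True for DNS names and globally routable IPv4 literals."""
    try:
        return ipaddress.IPv4Address(host).is_global
    except ValueError:
        return True  # a hostname (or IPv6): treat as reachable externally


def _url_finding(path: str, line: int, url: str) -> Finding:
    parts = urlsplit(url)
    if not _is_routable(parts.hostname or ""):
        return Finding(path, line, "url", url, "info", "non-routable host")
    if parts.scheme == "http":
        return Finding(path, line, "url", url, "medium",
                       "cleartext HTTP to an external host; credentials and content exposed in transit")
    return Finding(path, line, "url", url, "low", "external HTTPS endpoint; verify ownership")


def scan_lines(path: str, lines: list[str]) -> list[Finding]:
    """Report every URL and IPv4 literal in lines, rated by reachability and scheme."""
    findings: list[Finding] = []
    for number, text in enumerate(lines, start=1):
        for match in URL_RE.finditer(text):
            findings.append(_url_finding(path, number, match.group().rstrip(".,;")))
        for match in IPV4_RE.finditer(text):
            try:
                ip = ipaddress.IPv4Address(match.group())
            except ValueError:
                continue  # an octet above 255, so not an address
            if ip.is_global:
                findings.append(Finding(path, number, "ip", str(ip), "high",
                                        "public IP literal with no declared owner"))
            else:
                findings.append(Finding(path, number, "ip", str(ip), "info", "non-routable address"))
    return findings


def scan_files(files: dict[str, list[str]]) -> list[Finding]:
    return [f for path, lines in files.items() for f in scan_lines(path, lines)]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for finding in findings:
        counts[finding.severity] = counts.get(finding.severity, 0) + 1
    return counts


def unique_iocs(findings: list[Finding]) -> list[tuple[str, str]]:
    """Distinct external artifacts, the way the report lists them."""
    return sorted({(f.kind, f.value) for f in findings if f.severity != "info"})


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.severity:6} {f.kind:3} {f.path}:{f.line} {f.value} ({f.note})")
```

On the constructed sample the distinct non-informational artifacts are exactly the two the report lists: the IP literal and the http:// URL built on it. The loopback and RFC 1918 decoys are kept as informational findings rather than dropped, so a reviewer can still see them without their inflating the IOC count.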

Dependencies and supply chain

Package        Version    Source   Vulnerabilities   Notes
requests       >=2.31.0   pip      -                 No upper version bound
cryptography   >=42.0.0   pip      -                 No upper version bound
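
Added example (not the scanner's or project's code) of the check behind the dependency finding and the table above: a standard-library-only parser for requirements.txt lines that reports which requirements have no ceiling and computes the ceiling that ~= and ==X.* clauses imply under PEP 440. The two sample texts are constructed, one mirroring the report's requirements.txt and one bounded rewrite; the ceilings chosen in the rewrite are illustrative.

```python
"""Flagging dependency specifiers with no upper bound (added example).

Not the scanner's code. It reads requirements.txt-style lines with the
standard library only and reports which requirements have no ceiling,
computing the ceiling that ~= and ==X.* clauses imply under PEP 440.
Sample texts are constructed to mirror the report's two dependencies.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?")
CLAUSE_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([\w.*+!-]+)")

# Constructed: the report's requirements.txt, and a bounded rewrite of it.
WEAK_REQUIREMENTS = """\
requests>=2.31.0
cryptography>=42.0.0
"""
HARDENED_REQUIREMENTS = """\
requests~=2.31.0            # compatible release: >=2.31.0, <2.32
cryptography>=42.0.0,<43    # explicit ceiling at the next major (illustrative)
"""


@dataclass(frozen=True)
class Requirement:
    name: str
    clauses: tuple[tuple[str, str], ...]
    upper_bound: str | None  # first explicit or implied ceiling, else None


def _bump_last(prefix: str) -> str | None:
    """'2.31' -> '2.32', '42' -> '43'; None if the last segment is not numeric."""
    parts = prefix.split(".")
    if not parts[-1].isdigit():
        return None
    parts[-1] = str(int(parts[-1]) + 1)
    return ".".join(parts)


def clause_ceiling(op: str, version: str) -> str | None:
    """Ceiling implied by one specifier clause, or None if it sets none."""
    if op in ("<", "<="):
        return f"{op}{version}"
    if op in ("==", "==="):
        if version.endswith(".*"):           # ==1.2.* means >=1.2, <1.3
            bumped = _bump_last(version[:-2])
            return f"<{bumped}" if bumped else None
        return f"=={version}"                # an exact pin is its own ceiling
    if op == "~=":                           # ~=2.31.0 means >=2.31.0, ==2.31.*
        head, _, _ = version.rpartition(".")
        if not head:
            return None                      # PEP 440 needs at least two segments
        bumped = _bump_last(head)
        return f"<{bumped}" if bumped else None
    return None                              # >, >=, != impose no ceiling


def parse_requirement(line: str) -> Requirement | None:
    """Parse one requirements line; None for blanks and comments."""
    body = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment, env marker
    if not body:
        return None
    match = NAME_RE.match(body)
    if not match:
        return None
    name = match.group(1).lower().replace("_", "-")
    clauses = tuple(CLAUSE_RE.findall(body[match.end():]))
    ceilings = [c for op, ver in clauses if (c := clause_ceiling(op, ver))]
    return Requirement(name, clauses, ceilings[0] if ceilings else None)


def unbounded(text: str) -> list[str]:
    """Names of requirements in text that allow unlimited upward drift."""
    return [
        req.name
        for line in text.splitlines()
        if (req := parse_requirement(line)) is not None and req.upper_bound is None
    ]


if __name__ == "__main__":
    print("weak:", unbounded(WEAK_REQUIREMENTS))
    print("hardened:", unbounded(HARDENED_REQUIREMENTS))
```

A ceiling only limits drift; it does not make the allowed range safe, so the pinned or bounded versions still need to be checked against advisories, and a lockfile or hash pins are what make the resolved set reproducible.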

File composition

6 files · 1276 lines
Python: 4 files · 981 lines · Markdown: 1 file · 293 lines · Text: 1 file · 2 lines
Files needing attention · 3
scripts/core.py   Python · 421 lines
Hardcoded external IP address without ownership verification · TLS not enforced on API connections
SKILL.md   Markdown · 293 lines
115.190.255.55 · http://115.190.255.55:80/api/v1
requirements.txt   Text · 2 lines
Dependencies lack version upper bounds
Other files · memory_logger.py · cli.py (also carries the hardcoded IP at line 17, per the finding above) · __init__.py

Security highlights

Documentation accurately describes file and network operations
Credentials are encrypted at rest using Fernet encryption
No subprocess or shell execution observed
No base64 obfuscation or eval() usage
No credential harvesting from environment variables
No access to ~/.ssh, ~/.aws, or other sensitive paths
Memory logger uses standard JSONL format with no exfiltration