Security Decision Report

Etf

Documentation claims ETF analysis functionality but code implements only a generic local logger with no financial analysis features.

Install decision: priority · Source: manual upload · Scan time: 2026/4/4
Files: 2
IOC: 3
Overreach items: 1
Findings: 3
Most direct threat evidence
High · Documentation deception
False documentation - no ETF functionality exists

SKILL.md describes an 'ETF holdings analyzer' for 'screening ETFs, comparing ratios, and tracking allocations' but scripts/script.sh contains only generic local logging commands. There is zero ETF-specific logic, financial data fetching, or market analysis code.

SKILL.md:1

Why this conclusion was reached

2/4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or overreach beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 3 general-risk artifacts; these need to be judged in context.

Block
Attack chains and high-severity findings

The report contains 0 attack-chain steps, plus 1 high or critical finding.

Review
Dependencies and supply-chain hygiene

No complete dependency information; the supply-chain judgment should remain provisional.

How the risk score was raised

Doc-to-code mismatch +25

SKILL.md advertises ETF analysis tools but script.sh contains only generic logging commands with no ETF logic

Undeclared filesystem access +15

Skill declares NONE for filesystem but script writes to ~/.local/share/etf/

Generic command pattern suspicious +5

Commands (run, check, convert, analyze) are generic placeholders with no actual functionality

Key evidence

High · Documentation deception

False documentation - no ETF functionality exists

SKILL.md describes an 'ETF holdings analyzer' for 'screening ETFs, comparing ratios, and tracking allocations' but scripts/script.sh contains only generic local logging commands. There is zero ETF-specific logic, financial data fetching, or market analysis code.

SKILL.md:1
Verify if this skill was mislabeled or if malicious code was injected into a legitimate tool.
Medium · Privilege escalation

Undeclared filesystem WRITE permission

The skill declares filesystem:NONE but the script creates and writes to ~/.local/share/etf/ directory for persistent storage.

scripts/script.sh:9
Update SKILL.md to declare filesystem:WRITE permission for the etf data directory.
Low · Data exfiltration

Local data persistence with no encryption

All user inputs to commands are logged in plaintext to log files in ~/.local/share/etf/. While marked 'offline', this creates a local data store that could be accessed by other processes.

scripts/script.sh:58
Consider documenting data retention policies and adding encryption if sensitive data may be processed.

Declared capabilities vs. actual capabilities

Filesystem: Block
Declared: NONE
Inferred: WRITE
scripts/script.sh:9 mkdir -p "$DATA_DIR"
Network access: Pass
Declared: NONE
Inferred: NONE
No network calls found
Command execution: Pass
Declared: NONE
Inferred: NONE
No subprocess/eval calls
Environment variables: Pass
Declared: NONE
Inferred: NONE
No env access except DATA_DIR path

Suspicious artifacts and outbound connections

Medium · External URL
https://bytesagain.com

SKILL.md:6

Medium · External URL
https://bytesagain.com/feedback/

SKILL.md:98

Info · Email address
[email protected]

SKILL.md:101

Dependencies and supply chain

No structured dependency alerts.

File composition

2 files · 414 lines
Shell: 1 file · 313 lines
Markdown: 1 file · 101 lines
Files needing attention · 2
scripts/script.sh · Shell · 313 lines
Undeclared filesystem WRITE permission · Local data persistence with no encryption
SKILL.md · Markdown · 101 lines
False documentation - no ETF functionality exists · https://bytesagain.com · https://bytesagain.com/feedback/ · [email protected]

Security highlights

No network requests or external communications detected
No credential harvesting or environment variable enumeration
No base64 encoding or obfuscated commands
No remote script execution (curl|bash, wget|sh)
No subprocess or shell execution capabilities
Works entirely offline as documented
No supply chain dependencies or external packages