dianping-api Security Report — High Risk | ClawSafe

65 /100

dianping-api

Dianping (大众点评) API skill for searching restaurants and businesses

Remote script execution via curl|bash with base64-encoded content is a critical supply chain vulnerability, compounded by undocumented shell/filesystem/network access in the installation mechanism.

Skill Namedianping-api

Duration65.0s

Enginepi

⛔

Do not install this skill

Remove the remote install.sh entirely. Distribute the skill as direct file copies rather than base64-encoded blobs fetched at runtime. Declare all file system and network access in SKILL.md.

Attack Chain 4 steps

⬡

Escalation Attacker compromises the <URL> host or DNS

install.sh:3

⬡

Escalation Malicious install.sh replaces legitimate content

install.sh:3

⬡

Escalation curl|bash executes arbitrary attacker code with user privileges

install.sh:3

⬡

Escalation Malicious Python/Shell scripts written to disk and chmod +x'd

install.sh:28

Findings 5 items

Severity	Finding	Location
Critical	Remote Script Execution via curl\|bash Supply Chain The install.sh fetches and executes code from a remote URL using the dangerous curl\|bash pattern. The <URL> placeholder could point to a compromised or attacker-controlled server at any time after distribution. `curl -fsSL <URL>/install.sh \| bash` → Remove remote installation entirely. Distribute skill as static files. If self-update is needed, download to a temp file and audit before execution.	`install.sh:3`
Critical	Base64-Encoded Source Code Execution Obfuscation All three source files (SKILL.md, dianping_api.py, dianping_login.py) are base64-encoded and decoded at install time. This prevents static analysis of the actual code and could be used to smuggle malicious payloads. `echo '<base64>' \| base64 -d > "$DIR/SKILL.md"` → Distribute source code in plaintext. Use signed hashes for integrity verification instead of obfuscation.	`install.sh:11`
Medium	Undeclared Shell Execution via subprocess Doc Mismatch Both Python scripts use subprocess.run() to execute curl commands, but SKILL.md does not declare shell:WRITE capability or mention subprocess usage. The doc only states 'uses curl' without explaining the execution model. `subprocess.run(['curl', '-s', '-L', '-w', ...])` → Document that curl is invoked via subprocess. Consider using the requests library or urllib3 instead of subprocess if possible.	`dianping_api.py:35`
Medium	Undeclared Filesystem Write Access Doc Mismatch SKILL.md states cookies are stored in '~/.dianping/cookies.json' but does not declare filesystem:WRITE permission. This is hidden behavior affecting user home directory. `COOKIES_FILE.write_text(json.dumps(data, ...))` → Explicitly declare filesystem:WRITE access for cookie storage in SKILL.md capability requirements.	`dianping_login.py:69`
Medium	Undeclared Network Access Doc Mismatch SKILL.md mentions 'curl (系统自带，无需安装)' but does not explicitly declare network:READ capability. HTTP requests to dianping.com are fundamental to the tool but undocumented. `description: 'Dianping API skill...'` → Add explicit network:READ declaration for api.dianping.com domain in SKILL.md prerequisites.	`SKILL.md:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✗ Violation	install.sh:24 writes ~/.dianping/cookies.json via Python scripts
Network	`NONE`	`READ`	✗ Violation	dianping_api.py:35 subprocess.run(['curl',...])
Shell	`NONE`	`WRITE`	✗ Violation	install.sh:3 curl\|bash pattern
Environment	`NONE`	`NONE`	—	No environment variable access found
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation

2 Critical 8 findings

💀

Critical Dangerous Command 危险 Shell 命令

curl -fsSL <URL>/install.sh | bash

install.sh:3

🔒

Critical Encoded Execution Base64 编码执行（代码混淆）

base64 -d

install.sh:11

🔗

Medium External URL 外部 URL

https://www.dianping.com/

scripts/dianping_api.py:38

🔗

Medium External URL 外部 URL

https://www.dianping.com/search/keyword/%d/0_%s

scripts/dianping_api.py:65

🔗

Medium External URL 外部 URL

https://www.dianping.com/shop/

scripts/dianping_api.py:104

🔗

Medium External URL 外部 URL

https://www.dianping.com

scripts/dianping_login.py:23

🔗

Medium External URL 外部 URL

https://account.dianping.com/pclogin

scripts/dianping_login.py:183

🔗

Medium External URL 外部 URL

https://www.dianping.com/search/keyword/

scripts/dianping_login.py:218

File Tree

4 files · 50.0 KB · 664 lines

Python 2f · 462L Markdown 1f · 165L Shell 1f · 37L

├─ ▾ 📁 scripts

│ ├─ 🐍 dianping_api.py Python 204L · 7.2 KB

│ └─ 🐍 dianping_login.py Python 258L · 8.5 KB

├─ 🔧 install.sh Shell 37L · 29.0 KB

└─ 📝 SKILL.md Markdown 165L · 5.3 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`curl`	`system-provided`	system	No	No pip/npm dependencies - uses system curl

Security Positives

✓ No evidence of credential harvesting beyond the legitimate Dianping session cookies

✓ No reverse shell, C2 communication, or data exfiltration to third-party servers

✓ Cookies stored locally in user's home directory, not transmitted elsewhere

✓ The Python implementation appears functionally legitimate for the stated restaurant search purpose

✓ Uses standard curl User-Agent to appear as a normal browser

Scan Report

Attack Chain 4 steps

Findings 5 items

File Tree

Dependencies 1 items

Security Positives