High risk: risk score 65/100
Last scan: 17 hours ago
dianping-api
Dianping (大众点评) API skill for searching restaurants and businesses
Remote script execution via curl|bash with base64-encoded content is a critical supply-chain vulnerability, compounded by shell, filesystem and network access that the installation mechanism and scripts use without declaring it.
Skill name: dianping-api
Analysis time: 65.0s
Engine: pi
Do not install this skill
Remove the remote install.sh entirely. Distribute the skill as direct file copies rather than base64-encoded blobs fetched at runtime. Declare all file system and network access in SKILL.md.

Attack chain (4 steps)

1. [Privilege escalation] Attacker compromises the <URL> host or its DNS (install.sh:3)
2. [Privilege escalation] A malicious install.sh replaces the legitimate content (install.sh:3)
3. [Privilege escalation] curl|bash executes the attacker's code with the user's privileges (install.sh:3)
4. [Privilege escalation] Malicious Python/shell scripts are written to disk and chmod +x'd (install.sh:28)
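The chain above can be checked without running the installer. The following is an added example (not the scanner's or the skill's code) that performs the same static triage on a constructed install.sh with the shape the report describes: the curl|bash one-liner on line 3, `base64 -d` writes into `$DIR`, and a trailing `chmod +x`. The blob contents, the `$DIR` value and the `<URL>` placeholder are constructed stand-ins, not the real skill files. The blobs are decoded into a quarantine directory as 0600 files for reading only, and a decoded source is scanned for the subprocess and home-directory patterns the report flags.

```python
"""Offline triage of a curl|bash installer that unpacks base64 blobs (added example)."""
from __future__ import annotations

import base64
import re
import tempfile
from pathlib import Path

# Placeholder contents for the three files the report names (constructed, not the skill's).
_SKILL_MD = "# dianping-api\n\nUses curl.\n"
_API_PY = 'import subprocess\nsubprocess.run(["curl", "-s", "-L", URL])\n'
_LOGIN_PY = 'COOKIES_FILE = Path.home() / ".dianping" / "cookies.json"\n'


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


# Constructed installer with the shape the report describes; $DIR is a placeholder.
SAMPLE_INSTALL_SH = "\n".join([
    "#!/usr/bin/env bash",
    "set -euo pipefail",
    "# Usage: curl -fsSL <URL>/install.sh | bash",
    'DIR="$HOME/.skills/dianping-api"',
    'mkdir -p "$DIR/scripts"',
    "echo '{}' | base64 -d > \"$DIR/SKILL.md\"".format(_b64(_SKILL_MD)),
    "echo '{}' | base64 -d > \"$DIR/scripts/dianping_api.py\"".format(_b64(_API_PY)),
    "echo '{}' | base64 -d > \"$DIR/scripts/dianping_login.py\"".format(_b64(_LOGIN_PY)),
    'chmod +x "$DIR/scripts/"*.py',
])

# One regex per dangerous-command class in the report. They run over raw text, so a
# comment that only documents the one-liner fires too: triage points, a reviewer decides.
INSTALLER_PATTERNS = {
    "remote-exec": re.compile(r"\bcurl\b[^|\n]*\|\s*(?:ba|z)?sh\b"),
    "base64-decode": re.compile(r"\bbase64\s+(?:-d|--decode)\b"),
    "chmod-exec": re.compile(r"\bchmod\s+\+x\b"),
}
# Run over the decoded sources: the undeclared capabilities the report lists.
SOURCE_PATTERNS = {
    "subprocess": re.compile(r"\bsubprocess\.(?:run|Popen|call|check_output)\b"),
    "home-dir-path": re.compile(r"Path\.home\(\)|expanduser\(|~/"),
}
BLOB_RE = re.compile(
    r'''echo\s+'([A-Za-z0-9+/=]+)'\s*\|\s*base64\s+(?:-d|--decode)\s*>\s*"?\$DIR/([^"\s]+)"?'''
)


def scan_text(text: str, patterns: dict[str, re.Pattern]) -> list[tuple[int, str, str]]:
    """Return (line_no, tag, stripped_line) for every pattern hit, in file order."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for tag, rx in patterns.items():
            if rx.search(line):
                hits.append((no, tag, line.strip()))
    return hits


def extract_blobs(installer: str) -> dict[str, bytes]:
    """Decode every `echo '<b64>' | base64 -d > "$DIR/<path>"` write without running it."""
    return {m.group(2): base64.b64decode(m.group(1), validate=True)
            for m in BLOB_RE.finditer(installer)}


def quarantine(files: dict[str, bytes], outdir: str | Path) -> list[Path]:
    """Write the decoded blobs under outdir as 0600 files, refusing any path that escapes it."""
    root = Path(outdir).resolve()
    written = []
    for rel, data in files.items():
        dest = (root / rel).resolve()
        if root not in dest.parents:
            raise ValueError(f"blob target escapes quarantine dir: {rel}")
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
        dest.chmod(0o600)  # never executable, unlike the installer's chmod +x
        written.append(dest)
    return written


def triage(installer: str, outdir: str | Path | None = None) -> dict:
    """Flag installer lines, decode the blobs, flag the decoded sources, quarantine them."""
    root = Path(outdir) if outdir else Path(tempfile.mkdtemp(prefix="skill-triage-"))
    files = extract_blobs(installer)
    return {
        "installer_hits": scan_text(installer, INSTALLER_PATTERNS),
        "source_hits": {name: scan_text(data.decode("utf-8", "replace"), SOURCE_PATTERNS)
                        for name, data in files.items()},
        "written": quarantine(files, root),
        "quarantine_dir": root,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_INSTALL_SH)
    for no, tag, line in report["installer_hits"]:
        print(f"install.sh:{no} [{tag}] {line}")
    for name, hits in report["source_hits"].items():
        for no, tag, line in hits:
            print(f"{name}:{no} [{tag}] {line}")
    print("decoded copies in", report["quarantine_dir"])
```

Run it against the real install.sh by passing its text to `triage()`; the point is that every step of the chain (fetch, decode, chmod) becomes a line number you can read before anything executes, and the decoded files land somewhere they cannot be run from by accident.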

Security findings (5)

Critical · Remote script execution via curl|bash · Supply chain
The install.sh fetches and executes code from a remote URL using the dangerous curl|bash pattern. The <URL> placeholder can point to a compromised or attacker-controlled server at any time after distribution, and the user never sees what runs.
    curl -fsSL <URL>/install.sh | bash
→ Remove remote installation entirely. Distribute the skill as static files. If self-update is needed, download to a temp file and audit before execution.
install.sh:3
Critical · Base64-encoded source code execution · Code obfuscation
All three source files (SKILL.md, dianping_api.py, dianping_login.py) are base64-encoded and decoded at install time. This prevents static analysis of the actual code and could be used to smuggle malicious payloads.
    echo '<base64>' | base64 -d > "$DIR/SKILL.md"
→ Distribute source code in plaintext. Use signed hashes for integrity verification instead of obfuscation.
install.sh:11
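The remediation for the two critical findings above is the same shape: ship plaintext files and pin their digests. The following added example (not the skill's or the scanner's code) shows that shape end to end: a release-time manifest of SHA-256 digests, an install-time check that rejects an altered file, a missing file and an unlisted extra file, and a copy step that only runs when the whole set verifies and never marks anything executable. The file contents and the manifest are constructed placeholders for the three files the report names.

```python
"""Plaintext release verified against a pinned manifest (added example, not the skill's code)."""
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Release-time step: one digest per shipped file, keyed by relative path."""
    return {name: sha256_hex(data) for name, data in sorted(files.items())}


def verify_manifest(files: dict[str, bytes], manifest: dict[str, str]) -> list[str]:
    """Install-time step. Returns the problems found; empty means the tree is what was pinned."""
    problems = []
    for name, expected in manifest.items():
        if name not in files:
            problems.append(f"missing: {name}")
        elif not hmac.compare_digest(sha256_hex(files[name]), expected):
            problems.append(f"digest mismatch: {name}")
    for name in files:
        if name not in manifest:  # an extra file is exactly how a smuggled payload arrives
            problems.append(f"unlisted: {name}")
    return sorted(problems)


def install_verified(files: dict[str, bytes], manifest: dict[str, str],
                     dest: str | Path) -> list[Path]:
    """Copy the set into dest only after every check passes; nothing gets chmod +x."""
    problems = verify_manifest(files, manifest)
    if problems:
        raise RuntimeError("refusing to install: " + "; ".join(problems))
    root = Path(dest).resolve()
    written = []
    for name, data in files.items():
        target = (root / name).resolve()
        if root not in target.parents:  # manifest names are untrusted too: no "../" escapes
            raise ValueError(f"unsafe path in release: {name}")
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        target.chmod(0o644)
        written.append(target)
    return written


# Constructed release contents: placeholders for the three files the report names.
RELEASE_FILES = {
    "SKILL.md": b"# dianping-api\n\nRequires: network:READ, filesystem:WRITE ~/.dianping\n",
    "scripts/dianping_api.py": b"# search client (placeholder)\n",
    "scripts/dianping_login.py": b"# login helper (placeholder)\n",
}
MANIFEST = build_manifest(RELEASE_FILES)  # real release: generated once, checked in as manifest.json


def tampered_release() -> dict[str, bytes]:
    """What a compromised mirror might serve: one file altered, one file added."""
    bad = dict(RELEASE_FILES)
    bad["scripts/dianping_api.py"] += b"# one extra line\n"
    bad["scripts/post_install.py"] = b"# not in the manifest\n"
    return bad


def demo_install() -> list[Path]:
    """Install the clean release into a scratch directory."""
    return install_verified(RELEASE_FILES, MANIFEST, tempfile.mkdtemp(prefix="dianping-api-"))


if __name__ == "__main__":
    print(json.dumps(MANIFEST, indent=2))
    print("clean release:", verify_manifest(RELEASE_FILES, MANIFEST) or "OK")
    print("tampered release:", verify_manifest(tampered_release(), MANIFEST))
```

The manifest only helps if it reaches the user over a path the attacker cannot also rewrite: pin its digest in the repository or sign it with the project's release key, and verify the downloaded bytes in a temp directory before the copy step, which is the "download, then audit, then execute" order the first finding asks for.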
Medium · Undeclared shell execution via subprocess · Misleading documentation
Both Python scripts use subprocess.run() to execute curl commands, but SKILL.md does not declare the shell:WRITE capability or mention subprocess usage. The doc only states that it 'uses curl' without explaining the execution model.
    subprocess.run(['curl', '-s', '-L', '-w', ...])
→ Document that curl is invoked via subprocess. Consider using the requests library or urllib3 instead of subprocess if possible.
dianping_api.py:35
Medium · Undeclared filesystem write access · Misleading documentation
SKILL.md states that cookies are stored in '~/.dianping/cookies.json' but does not declare the filesystem:WRITE permission. This is hidden behavior affecting the user's home directory.
    COOKIES_FILE.write_text(json.dumps(data, ...))
→ Explicitly declare filesystem:WRITE access for cookie storage in the SKILL.md capability requirements.
dianping_login.py:69
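The two findings above are documentation findings, but the fix the scanner suggests for the first (an in-process HTTP client instead of shelling out to curl) and the location of the second (a session-cookie file under the home directory) go together. The following added example, not the skill's code, shows what that replacement looks like: the request is built with urllib.request and carries the cookies as a header, the store is written atomically as a 0600 file in a 0700 directory, and anything that is not a flat string map or that contains header-breaking characters is rejected on load. It assumes the scripts only need GET requests with a session cookie, which is all the report describes; the path matches the one SKILL.md states, while the HTTPS-only rule, the token checks and the file modes are this example's hardening choices.

```python
"""In-process HTTP client and cookie store (added example, not the skill's code)."""
from __future__ import annotations

import json
import os
import tempfile
import urllib.request
from pathlib import Path

COOKIES_FILE = Path.home() / ".dianping" / "cookies.json"  # the path SKILL.md states
USER_AGENT = "Mozilla/5.0"  # placeholder; the skill's real UA string is not on the page


def _check_cookie_pair(name: str, value: str) -> None:
    """Reject tokens that could alter the Cookie header or smuggle a second header."""
    if not name or "=" in name or any(c in name + value for c in ";\r\n"):
        raise ValueError(f"invalid cookie token: {name!r}={value!r}")


def save_cookies(cookies: dict[str, str], path: str | Path = COOKIES_FILE) -> Path:
    """Atomic write: 0700 directory, 0600 temp file (mkstemp default), rename into place."""
    path = Path(path)
    for name, value in cookies.items():
        _check_cookie_pair(name, value)
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".cookies.")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(cookies, fh)
        os.replace(tmp, path)  # a reader never sees a half-written store
    except BaseException:
        os.unlink(tmp)
        raise
    return path


def load_cookies(path: str | Path = COOKIES_FILE) -> dict[str, str]:
    """Load the store; anything but a flat str->str map is treated as tampering, not data."""
    path = Path(path)
    if not path.exists():
        return {}
    data = json.loads(path.read_text())
    if not isinstance(data, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in data.items()
    ):
        raise ValueError(f"{path}: cookie store is not a flat string map")
    for name, value in data.items():
        _check_cookie_pair(name, value)
    return data


def build_request(url: str, cookies: dict[str, str]) -> urllib.request.Request:
    """In-process equivalent of `curl -s -L -b <cookies> <url>`; -L is handled by the opener."""
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS URL: " + url)
    for name, value in cookies.items():
        _check_cookie_pair(name, value)
    headers = {"User-Agent": USER_AGENT}
    if cookies:
        headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return urllib.request.Request(url, headers=headers, method="GET")


def fetch(url: str, cookies: dict[str, str],
          opener: urllib.request.OpenerDirector | None = None, timeout: float = 15) -> bytes:
    """Send the request; inject an opener to proxy it or to test without the network."""
    opener = opener or urllib.request.build_opener()  # follows redirects like curl -L
    with opener.open(build_request(url, cookies), timeout=timeout) as resp:
        return resp.read()


def roundtrip_demo(store_dir: str | Path | None = None) -> dict:
    """Save, reload and inspect a constructed store in a scratch directory; no network."""
    root = Path(store_dir) if store_dir else Path(tempfile.mkdtemp(prefix="dianping-demo-"))
    path = save_cookies({"sessionid": "constructed-token"}, root / "cookies.json")
    cookies = load_cookies(path)
    req = build_request("https://www.dianping.com/", cookies)
    return {
        "cookies": cookies,
        "file_mode": path.stat().st_mode & 0o777,
        "dir_mode": path.parent.stat().st_mode & 0o777,
        "cookie_header": req.get_header("Cookie"),
        "method": req.get_method(),
    }


if __name__ == "__main__":
    print(roundtrip_demo())
```

With this in place the capability story is simple to declare: network:READ to the dianping.com hosts the scripts contact, filesystem:WRITE to ~/.dianping, and no shell execution at all.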
Medium · Undeclared network access · Misleading documentation
SKILL.md mentions 'curl (system-provided, no installation needed)' but does not explicitly declare the network:READ capability. HTTP requests to dianping.com are fundamental to the tool but undocumented.
    description: 'Dianping API skill...'
→ Add an explicit network:READ declaration for the api.dianping.com domain in the SKILL.md prerequisites. Note that the external URLs listed below are on www.dianping.com and account.dianping.com, so the declaration should name the hosts the scripts actually contact.
SKILL.md:1
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✗ undeclared | install.sh:24 writes ~/.dianping/cookies.json via the Python scripts
Network | NONE | READ | ✗ undeclared | dianping_api.py:35 subprocess.run(['curl', ...])
Command execution | NONE | WRITE | ✗ undeclared | install.sh:3 curl|bash pattern
Environment variables | NONE | NONE | n/a | No environment variable access found
Skill invocation | NONE | NONE | n/a | No cross-skill invocation
Pattern findings: 8 (2 critical)

💀 Critical · Dangerous shell command: curl -fsSL <URL>/install.sh | bash (install.sh:3)
🔒 Critical · Base64-encoded execution (code obfuscation): base64 -d (install.sh:11)
🔗 Medium · External URL: https://www.dianping.com/ (scripts/dianping_api.py:38)
🔗 Medium · External URL: https://www.dianping.com/search/keyword/%d/0_%s (scripts/dianping_api.py:65)
🔗 Medium · External URL: https://www.dianping.com/shop/ (scripts/dianping_api.py:104)
🔗 Medium · External URL: https://www.dianping.com (scripts/dianping_login.py:23)
🔗 Medium · External URL: https://account.dianping.com/pclogin (scripts/dianping_login.py:183)
🔗 Medium · External URL: https://www.dianping.com/search/keyword/ (scripts/dianping_login.py:218)

Directory structure

4 files · 50.0 KB · 664 lines
Python 2 files · 462 lines · Markdown 1 file · 165 lines · Shell 1 file · 37 lines
install.sh is 37 lines but 29.0 KB: the three source files (about 21 KB of plaintext between them) travel inside it as the base64 blobs flagged above, so the shell line count says nothing about what the installer writes.
├─ 📁 scripts
│ ├─ 🐍 dianping_api.py Python 204L · 7.2 KB
│ └─ 🐍 dianping_login.py Python 258L · 8.5 KB
├─ 🔧 install.sh Shell 37L · 29.0 KB
└─ 📝 SKILL.md Markdown 165L · 5.3 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
curl | system-provided | system | | No pip/npm dependencies; uses the system curl

Security highlights

✓ No evidence of credential harvesting beyond the legitimate Dianping session cookies
✓ No reverse shell, C2 communication, or data exfiltration to third-party servers
✓ Cookies stored locally in user's home directory, not transmitted elsewhere
✓ The Python implementation appears functionally legitimate for the stated restaurant search purpose
✓ Uses standard curl User-Agent to appear as a normal browser