安全决策报告
dianping-api
Remote script execution via curl|bash with base64-encoded content is a critical supply chain vulnerability, compounded by undocumented shell/filesystem/network access in the installation mechanism.
最直接的威胁证据
严重 供应链
Remote Script Execution via curl|bash The install.sh fetches and executes code from a remote URL using the dangerous curl|bash pattern. The <URL> placeholder could point to a compromised or attacker-controlled server at any time after distribution.
install.sh:3 为什么得出这个结论
3/4 个维度触发 阻止
声明与实际能力
发现 3 项声明之外的能力或越权行为。
阻止
隐藏执行与外联
提取到 2 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 4 步攻击链,另有 2 项高危或严重发现。
通过
依赖与供应链卫生
依赖结构存在,但暂未看到明显高危告警。
攻击链
01
Attacker compromises the <URL> host or DNS
delivery · install.sh:3
02
Malicious install.sh replaces legitimate content
delivery · install.sh:3
03
curl|bash executes arbitrary attacker code with user privileges
代码执行 · install.sh:3
04
Malicious Python/Shell scripts written to disk and chmod +x'd
持久化 · install.sh:28
风险分是怎么被拉高的
Remote script execution +25
curl -fsSL <URL>/install.sh | bash allows arbitrary code injection at install time
Base64 obfuscation +20
All source code is base64-encoded and decoded at runtime, hiding true implementation from static analysis
Undeclared shell execution +10
SKILL.md does not mention subprocess usage with curl commands
Undeclared filesystem WRITE +5
SKILL.md does not declare that cookies are stored in ~/.dianping/
Undeclared network access +5
SKILL.md mentions curl but does not explicitly declare network:READ capability
最关键的证据
严重 供应链
Remote Script Execution via curl|bash
The install.sh fetches and executes code from a remote URL using the dangerous curl|bash pattern. The <URL> placeholder could point to a compromised or attacker-controlled server at any time after distribution.
install.sh:3 Remove remote installation entirely. Distribute skill as static files. If self-update is needed, download to a temp file and audit before execution.
严重 代码混淆
Base64-Encoded Source Code Execution
All three source files (SKILL.md, dianping_api.py, dianping_login.py) are base64-encoded and decoded at install time. This prevents static analysis of the actual code and could be used to smuggle malicious payloads.
install.sh:11 Distribute source code in plaintext. Use signed hashes for integrity verification instead of obfuscation.
中危 文档欺骗
Undeclared Shell Execution via subprocess
Both Python scripts use subprocess.run() to execute curl commands, but SKILL.md does not declare shell:WRITE capability or mention subprocess usage. The doc only states 'uses curl' without explaining the execution model.
dianping_api.py:35 Document that curl is invoked via subprocess. Consider using the requests library or urllib3 instead of subprocess if possible.
中危 文档欺骗
Undeclared Filesystem Write Access
SKILL.md states cookies are stored in '~/.dianping/cookies.json' but does not declare filesystem:WRITE permission. This is hidden behavior affecting user home directory.
dianping_login.py:69 Explicitly declare filesystem:WRITE access for cookie storage in SKILL.md capability requirements.
中危 文档欺骗
Undeclared Network Access
SKILL.md mentions 'curl (系统自带,无需安装)' but does not explicitly declare network:READ capability. HTTP requests to dianping.com are fundamental to the tool but undocumented.
SKILL.md:1 Add explicit network:READ declaration for api.dianping.com domain in SKILL.md prerequisites.
声明能力 vs 实际能力
文件系统 阻止
声明 NONE
→ 推断 WRITE
install.sh:24 writes ~/.dianping/cookies.json via Python scripts 网络访问 阻止
声明 NONE
→ 推断 READ
dianping_api.py:35 subprocess.run(['curl',...]) 命令执行 阻止
声明 NONE
→ 推断 WRITE
install.sh:3 curl|bash pattern 环境变量 通过
声明 NONE
→ 推断 NONE
No environment variable access found 技能调用 通过
声明 NONE
→ 推断 NONE
No cross-skill invocation 可疑产物与外联
严重 危险命令
curl -fsSL <URL>/install.sh | bash install.sh:3
严重 编码执行
base64 -d install.sh:11
中危 外部 URL
https://www.dianping.com/ scripts/dianping_api.py:38
中危 外部 URL
https://www.dianping.com/search/keyword/%d/0_%s scripts/dianping_api.py:65
中危 外部 URL
https://www.dianping.com/shop/ scripts/dianping_api.py:104
中危 外部 URL
https://www.dianping.com scripts/dianping_login.py:23
中危 外部 URL
https://account.dianping.com/pclogin scripts/dianping_login.py:183
中危 外部 URL
https://www.dianping.com/search/keyword/ scripts/dianping_login.py:218
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| curl | system-provided | system | 否 | No pip/npm dependencies - uses system curl |
文件构成
4 个文件 · 664 行
Python 2 个文件 · 462 行Markdown 1 个文件 · 165 行Shell 1 个文件 · 37 行
需关注文件 · 4
install.sh Remote Script Execution via curl|bash · Base64-Encoded Source Code Execution · curl -fsSL <URL>/install.sh | bash · base64 -d
scripts/dianping_login.py https://www.dianping.com · https://account.dianping.com/pclogin · https://www.dianping.com/search/keyword/
scripts/dianping_api.py https://www.dianping.com/ · https://www.dianping.com/search/keyword/%d/0_%s · https://www.dianping.com/shop/
SKILL.md Undeclared Network Access
安全亮点
No evidence of credential harvesting beyond the legitimate Dianping session cookies
No reverse shell, C2 communication, or data exfiltration to third-party servers
Cookies stored locally in user's home directory, not transmitted elsewhere
The Python implementation appears functionally legitimate for the stated restaurant search purpose
Uses standard curl User-Agent to appear as a normal browser