安全决策报告
kuaidi-query
This skill contains critical security issues including exposed real API credentials in config.json, undeclared filesystem and network access, and a vulnerable dependency with unpinned axios version.
最直接的威胁证据
严重 凭证窃取
Hardcoded API Credentials Exposed Real Track123 API credentials are hardcoded in config.json with app_key and api_secret values. These credentials are committed to the repository and publicly visible.
config.json:2 为什么得出这个结论
2/4 个维度触发 阻止
声明与实际能力
发现 3 项声明之外的能力或越权行为。
复核
隐藏执行与外联
提取到 28 个一般风险产物,需要结合上下文判断。
阻止
攻击链与高危发现
报告包含 0 步攻击链,另有 3 项高危或严重发现。
复核
依赖与供应链卫生
发现 1 项需要关注的依赖或供应链线索。
风险分是怎么被拉高的
Exposed API credentials in config.json +35
Real Track123 API keys hardcoded and committed to repository
Undeclared network access +15
Makes HTTPS requests to api.track123.com without declaring network:READ
Undeclared filesystem access +10
Reads config.json and writes .cache.json without filesystem capability declaration
Unpinned dependency +8
axios uses ^1.13.6 allowing updates to potentially vulnerable versions
最关键的证据
严重 凭证窃取
Hardcoded API Credentials Exposed
Real Track123 API credentials are hardcoded in config.json with app_key and api_secret values. These credentials are committed to the repository and publicly visible.
config.json:2 Remove config.json from repository, add it to .gitignore, and use environment variables or a secrets manager for credentials
高危 权限提升
Undeclared Network Access
The skill makes HTTPS requests to api.track123.com but SKILL.md does not declare network:READ capability in allowed-tools mapping
scripts/query.js:56 Add network:READ to allowed-tools declaration in SKILL.md metadata
高危 权限提升
Undeclared Filesystem Access
The skill reads config.json and writes .cache.json without declaring filesystem:READ/WRITE capabilities
scripts/query.js:37 Add filesystem:READ and filesystem:WRITE to allowed-tools declaration
中危 供应链
Unpinned Dependency Version
axios dependency uses ^1.13.6 which allows automatic updates to higher minor/patch versions that could contain security vulnerabilities
package.json:9 Pin axios to exact version: "axios": "1.13.6" or use a lockfile
低危 文档欺骗
API Endpoint Mismatch
Reference docs show v2.1 API endpoints but code uses v2. Authentication method also differs (app_key in body vs Track123-Api-Secret header)
references/track123-api.md vs scripts/query.js Ensure documentation matches implementation
声明能力 vs 实际能力
网络访问 阻止
声明 NONE
→ 推断 READ
scripts/query.js:56 - axios.post to api.track123.com 文件系统 阻止
声明 NONE
→ 推断 READ
scripts/query.js:37 - fs.readFileSync(CONFIG_PATH) 文件系统 阻止
声明 NONE
→ 推断 WRITE
scripts/query.js:79 - fs.writeFileSync(CACHE_PATH) 可疑产物与外联
中危 外部 URL
https://www.track123.com/ SKILL.md:155
中危 外部 URL
https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz package-lock.json:17
中危 外部 URL
https://registry.npmmirror.com/axios/-/axios-1.13.6.tgz package-lock.json:23
中危 外部 URL
https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz package-lock.json:34
中危 外部 URL
https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz package-lock.json:47
中危 外部 URL
https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz package-lock.json:59
中危 外部 URL
https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz package-lock.json:68
中危 外部 URL
https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz package-lock.json:82
中危 外部 URL
https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz package-lock.json:91
中危 外部 URL
https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz package-lock.json:100
中危 外部 URL
https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz package-lock.json:112
中危 外部 URL
https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.15.11.tgz package-lock.json:127
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| axios | ^1.13.6 | npm | 否 | Version not pinned, uses caret range allowing updates |
文件构成
9 个文件 · 1670 行
Markdown 3 个文件 · 820 行JavaScript 1 个文件 · 525 行JSON 5 个文件 · 325 行
需关注文件 · 6
config.json Hardcoded API Credentials Exposed
scripts/query.js Undeclared Network Access · Undeclared Filesystem Access · https://api.track123.com/gateway/open-api/tk/v2
package-lock.json https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz · https://registry.npmmirror.com/axios/-/axios-1.13.6.tgz · https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz · https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz · https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz · https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz · https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz · https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz · https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz · https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz · https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.15.11.tgz · https://registry.npmmirror.com/form-data/-/form-data-4.0.5.tgz · https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz · https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz · https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz · https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz · https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz · https://registry.npmmirror.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz · https://registry.npmmirror.com/hasown/-/hasown-2.0.2.tgz · https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz · https://registry.npmmirror.com/mime-db/-/mime-db-1.52.0.tgz · https://registry.npmmirror.com/mime-types/-/mime-types-2.1.35.tgz · https://registry.npmmirror.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz
references/track123-api.md https://api.track123.com/gateway/open-api/tk/v2.1 · https://api.track123.com/gateway/open-api/tk/v2.1/track/query-realtime · https://docs.track123.com/
SKILL.md https://www.track123.com/
package.json Unpinned Dependency Version
其他文件 · examples.md · _meta.json · config.example.json
安全亮点
Skill implements basic security practices like input validation for carrier codes
API credentials are validated before use with error messages
Caching mechanism uses timestamps to prevent stale data
No reverse shell, C2 communication, or obvious malicious behavior detected
Uses standard axios library instead of custom network code