Scan Report
5/100
aigc-images
A batch, multi-key image generation assistant based on the BizyAir asynchronous API
This is a legitimate BizyAir AIGC image generation tool with no malicious behavior detected. All functionality is properly declared and API keys are only used for their intended purpose.
OK to install
This skill is safe to use. The only minor issue is a placeholder API key example in documentation which poses no security risk.
Security findings: 1

| Severity | Finding | Location |
|---|---|---|
| Low | Placeholder API key in documentation (documentation deception) | SKILL.md:45 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | Uses curl, grep, subprocess in scripts - declared in requires section |
| Network access | READ | READ | ✓ Consistent | Makes API calls to api.bizyair.cn - declared functionality |
| File system | READ | READ | ✓ Consistent | Reads ~/.bizyair_keys.txt for key loading - declared in documentation |
| Environment variables | READ | READ | ✓ Consistent | Reads BIZYAIR_API_KEY env var - declared in fallback section |
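1 high-risk · 5 findings

| Severity | Category | Finding | Match | Location |
|---|---|---|---|---|
| High | API key | Suspected hardcoded credential | API_KEY="your_api_key_here" | SKILL.md:45 |
| Medium | External URL | External URL | https://api.bizyair.cn/w/v1/webapp/task/openapi/create | SKILL.md:163 |
| Medium | External URL | External URL | https://api.bizyair.cn/w/v1/webapp/task/openapi/detail?requestId=$ | SKILL.md:206 |
| Medium | External URL | External URL | https://api.bizyair.cn/w/v1/webapp/task/openapi/outputs?requestId=$ | SKILL.md:216 |
| Medium | External URL | External URL | https://api.bizyair.cn/w/v1/webapp/task/openapi | assets/bizyair_api.sh:18 |

Directory structure
2 files · 20.5 KB · 715 lines
Markdown: 1 file · 488 lines
Shell: 1 file · 227 lines

├─ assets
│  └─ bizyair_api.sh (Shell)
└─ SKILL.md (Markdown)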
Security highlights
✓ All shell commands (curl, jq, grep) are declared in the requires section
✓ API keys are only used to call the legitimate BizyAir API for image generation
✓ No credential exfiltration or data theft observed
✓ No obfuscation techniques (base64, eval, etc.) detected
✓ No network connections to suspicious IPs or domains
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Remote URL fetching is explicitly documented as a feature
✓ Clean, readable shell script with no malicious patterns