High risk: risk score 68/100
Last scan: 2 days ago
skill-security-vet
Skill security audit - integrates local scanning + VirusTotal cloud threat intelligence
Undeclared computer-wide filesystem scanning and auto-quarantine capabilities discovered - SKILL.md only mentions skill scanning but code includes full drive scanning mode.
Skill name: skill-security-vet
Analysis time: 40.9s
Engine: pi
Verdict: do not install this skill
Remove local/full scanning modes or document them clearly with explicit user consent. The computer-wide scanning capability is highly suspicious for a skill auditing tool.

Attack chain (4 steps)

1. Entry: user installs skill-security-vet believing it only scans installed skills (SKILL.md:1)
2. Escalation: attacker or compromised tool uses 'local' or 'full' mode to scan the entire computer filesystem (vet.ts:219)
3. Escalation: tool iterates through directories searching for sensitive files and credential patterns (vet.ts:239)
4. Impact: files matching danger patterns are auto-quarantined or removed without user consent (vet.ts:160)

Security findings (5)

Severity | Finding | Location

High: Undeclared local/full computer scanning mode (vet.ts:219)
vet.ts contains 'local' and 'full' scanning modes that recursively scan entire system drives (C:, D:, E:, F: on Windows, / on Unix) up to depth 5, examining 10,000+ files. SKILL.md only describes scanning installed skills in ~/.opencode/skill.
Evidence: async function scanLocalComputer(drive: string, config: Config): Promise<ScanResult[]> {
→ Remove local/full modes or clearly document computer-wide scanning capability in SKILL.md
High: Automatic file quarantine without consent (vet.ts:160)
The tool automatically quarantines (copies and deletes) or removes files identified as dangerous without prompting for user consent per operation. Configured via the --auto flag.
Evidence: if (result.status === 'danger' && (autoMode || config.autoRemove)) { if (config.autoQuarantine) { await quarantineFile(skillPath) }
→ Require explicit user confirmation before auto-quarantine, or document this behavior prominently
Medium: Undocumented VirusTotal API integration (vet.ts:127)
Code integrates with the VirusTotal API to submit file hashes for scanning. While SKILL.md mentions VirusTotal, it doesn't detail the API endpoint or that file hashes are sent externally.
Evidence: const response = await fetch(`https://www.virustotal.com/api/v3/files/${hash}`
→ Document what data is sent to VirusTotal (file hashes only vs content)
Medium: Suspicious file pattern matching (vet.ts:50)
Tool scans for credential-related patterns including decodeURIComponent with password/token, keyloggers, and remote connection attempts (SSH/RDP). While legitimate for security scanning, combined with undeclared full drive access this could be used for credential harvesting.
Evidence: { pattern: /decodeURIComponent.*password|decodeURIComponent.*token/g, type: '密碼竊取模式' }
→ Clarify intent - a skill security tool should not need to detect password theft patterns on the user's computer
Low: Broad exclusion list suggests awareness of sensitive areas (vet.ts:239)
The excludeSet includes AppData/Local/Temp, Windows, Program Files, etc. This suggests the tool is aware of and avoids Windows system areas while potentially targeting user data areas.
Evidence: const excludeSet = new Set(['node_modules', '.git', 'Windows', 'Program Files'...
→ Review exclusion list - consider if this is protective or targeted
| Resource | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ+WRITE | ✗ Exceeds declared | vet.ts:219-263 (scanLocalComputer function scans entire drives) |
| Network access | NONE | READ | ✗ Exceeds declared | vet.ts:127-154 (VirusTotal API calls not mentioned in docs) |
| Command execution | NONE | NONE | OK | No shell execution found |
External URLs (2 findings)
Medium: external URL https://virustotal.com (SKILL.md:46)
Medium: external URL https://www.virustotal.com/api/v3/files/$ (vet.ts:127)

Directory structure

3 files · 29.6 KB · 885 lines
TypeScript: 2 files · 768 lines; Markdown: 1 file · 117 lines
├─ 📝 SKILL.md Markdown 117L · 3.0 KB
├─ 📜 startup-scan.ts TypeScript 284L · 10.0 KB
└─ 📜 vet.ts TypeScript 484L · 16.6 KB

Dependency analysis (1)

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| bun | bundled | system | | Bun runtime required |

Security highlights

✓ Security scanning patterns are well-defined and comprehensive
✓ Uses VirusTotal for external threat intelligence (legitimate security tool feature)
✓ No direct exfiltration of credentials observed - only pattern matching
✓ No reverse shell, C2, or direct malicious code execution
✓ API key stored locally in config directory, not hardcoded