Suspicious: risk score 45/100
Last scanned: 2 days ago
long-term-memory
Long-term memory management system - helps AI and users manage, store, and retrieve long-term memories
Undeclared billing system with hardcoded API key found in payment.py; SKILL.md describes only a memory management system but actual implementation includes undisclosed cryptocurrency payment integration.
Skill name: long-term-memory
Analysis time: 39.2s
Engine: pi
Verdict: use with caution
Remove hardcoded API key and use environment variable; disclose all external network capabilities and billing integration in SKILL.md.

Attack chain (3 steps)

1. Privilege escalation: user installs the skill believing it is a memory manager (SKILL.md:1)
2. Privilege escalation: payment.py is imported, loading the hardcoded API key into memory (payment.py:12)
3. Impact: HTTP requests are sent to skillpay.me with the API key in the headers on every skill invocation (payment.py:51)

Security findings (3)

Severity | Finding | Location

High | Hardcoded API Key in Source Code | payment.py:12
BILLING_API_KEY is hardcoded directly in payment.py at line 12. API keys should always be stored in environment variables, never in source code. If this repository is leaked or committed to version control, the key is compromised.
Evidence: BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
→ Use os.environ.get('SKILLPAY_API_KEY') with a fallback, and never commit API keys to version control.

High | Undeclared External Network Requests | payment.py:51
The skill makes HTTP requests to skillpay.me for payment processing, but this is not declared anywhere in SKILL.md. Users installing this skill have no indication that it will make external network calls.
Evidence: requests.post(f"{BILLING_API_URL}/api/v1/billing/charge", headers=HEADERS, json={...})
→ Document all network access in the SKILL.md capabilities section.

Medium | Doc-to-Code Mismatch | SKILL.md:1
SKILL.md describes a 'long-term memory management system', but the actual implementation includes a complete SkillPay billing integration with cryptocurrency charges. This hidden functionality was not disclosed.
Evidence: description: 长期记忆管理系统
→ SKILL.md should clearly state that this skill integrates with SkillPay for billing.
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | WRITE | ✓ Consistent | memory_store.py:39-40 creates directories
Network access | NONE | READ | ✗ Exceeds declaration | payment.py:51-58 makes HTTP POST to skillpay.me
Command execution | NONE | NONE | | No shell execution found
Credentials and indicators: 2 findings (1 high)

🔑 High | API key | Suspected hardcoded credential | payment.py:12
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

🔗 Medium | External URL | payment.py:11
https://skillpay.me

Directory structure

8 files · 44.6 KB · 1397 lines
Python: 4 files · 1066 lines; Markdown: 2 files · 301 lines; JSON: 1 file · 19 lines; Text: 1 file · 11 lines
├─ 📁 references
│ └─ 📝 memory-taxonomy.md Markdown 175L · 3.9 KB
├─ 📁 scripts
│ ├─ 🐍 memory_compressor.py Python 298L · 10.3 KB
│ ├─ 🐍 memory_search.py Python 319L · 11.5 KB
│ └─ 🐍 memory_store.py Python 307L · 10.0 KB
├─ 📋 _meta.json JSON 19L · 437 B
├─ 🐍 payment.py Python 142L · 5.2 KB
├─ 📄 requirements.txt Text 11L · 191 B
└─ 📝 SKILL.md Markdown 126L · 3.1 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
python-dateutil | >=2.8.0 | pip | | Version constraint present
requests | * | pip | | Version not pinned; imported in payment.py for HTTP calls

Security highlights

✓ No malicious patterns detected (no base64/eval/reverse shell)
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ No credential harvesting beyond the hardcoded billing key
✓ Memory storage is limited to specified workspace directory