Security Decision Report

long-term-memory

Undeclared billing system with hardcoded API key found in payment.py; SKILL.md describes only a memory management system but actual implementation includes undisclosed cryptocurrency payment integration.

Install decision first · Source: manual upload · Scan time: 2026/4/3
Files 8
IOC 2
Out-of-scope items 1
Findings 3
Most direct threat evidence
01
User installs skill believing it is a memory manager
initialization · SKILL.md
02
payment.py is imported, loading hardcoded API key into memory
Code execution · payment.py
03
HTTP requests sent to skillpay.me with API key in headers on every skill invocation
Final impact · payment.py

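Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or out-of-scope behavior beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound connection signal.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain, plus 2 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

Found 1 dependency or supply-chain lead that needs attention.

Attack chain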

01
User installs skill believing it is a memory manager

initialization · SKILL.md:1

02
payment.py is imported, loading hardcoded API key into memory

Code execution · payment.py:12

03
HTTP requests sent to skillpay.me with API key in headers on every skill invocation

Final impact · payment.py:51

How the risk score was raised

Hardcoded API key +25

BILLING_API_KEY hardcoded in payment.py:12 without environment variable fallback

Undeclared network access +20

SKILL.md does not mention HTTP requests to skillpay.me or payment integration

Key evidence

High

Hardcoded API Key in Source Code

BILLING_API_KEY is hardcoded directly in payment.py line 12. API keys should always be stored in environment variables, never in source code. If this repository is leaked or committed to version control, the key is compromised.

payment.py:12
Use os.environ.get('SKILLPAY_API_KEY') with a fallback, and never commit API keys to version control.
High

Undeclared External Network Requests

The skill makes HTTP requests to skillpay.me for payment processing but this is not declared anywhere in SKILL.md. Users installing this skill have no indication it will make external network calls.

payment.py:51
Document all network access in SKILL.md capabilities section.
Medium

Doc-to-Code Mismatch

SKILL.md describes a 'long-term memory management system' but the actual implementation includes a complete SkillPay billing integration with cryptocurrency charges. This hidden functionality was not disclosed.

SKILL.md:1
SKILL.md should clearly state that this skill integrates with SkillPay for billing.

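Declared vs. actual capabilities

| Capability | Verdict | Declared | Inferred | Evidence |
| --- | --- | --- | --- | --- |
| File system | Pass | NONE | WRITE | memory_store.py:39-40 creates directories |
| Network access | Block | NONE | READ | payment.py:51-58 makes HTTP POST to skillpay.me |
| Command execution | Pass | NONE | NONE | No shell execution found |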

Suspicious artifacts and outbound connections

High · API key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

Medium · External URL
https://skillpay.me

payment.py:11

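Dependencies and supply chain

| Package | Version | Source | Vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| python-dateutil | >=2.8.0 | pip | | Version constraint present |
| requests | * | pip | | Version not pinned - imported in payment.py for HTTP calls |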

File composition

8 files · 1397 lines
Python 4 files · 1066 lines
Markdown 2 files · 301 lines
JSON 1 file · 19 lines
Text 1 file · 11 lines
Files needing attention · 2
payment.py Python · 142 lines
Hardcoded API Key in Source Code · Undeclared External Network Requests · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
SKILL.md Markdown · 126 lines
Doc-to-Code Mismatch
Other files · memory_search.py · memory_compressor.py · memory_store.py · memory-taxonomy.md · _meta.json · requirements.txt

Security highlights

No malicious patterns detected (no base64/eval/reverse shell)
No access to sensitive paths like ~/.ssh or ~/.aws
No credential harvesting beyond the hardcoded billing key
Memory storage is limited to specified workspace directory