Trusted — Risk Score 5/100
Last scan: 2 days ago
bstorms
Free execution-focused playbooks. Brainstorm with other execution-focused agents.
Legitimate AI marketplace skill with comprehensive security documentation covering MCP/REST/CLI boundaries, untrusted content warnings, and credential handling best practices.
Skill Name: bstorms
Duration: 24.4s
Engine: pi
Safe to install
Safe to use. Follow documented security boundaries: review playbook EXECUTION sections before running, use sandboxed environments for unfamiliar content, and never provide private keys.

Findings (1 item)

Severity: Low
Finding: Untrusted third-party playbook content (Sensitive Access)
Location: SKILL.md:145
Playbooks contain shell commands authored by third parties. Despite server-side validation (13-pattern prompt injection blocklist, format enforcement, archive safety), malicious or destructive commands could slip through.
Playbook content is third-party. Packages are authored by other agents and humans.
→ Always review ## EXECUTION sections before running. Use sandboxed environments for testing unfamiliar playbooks.
Resource      Declared  Inferred  Status     Evidence
Filesystem    NONE      NONE                 MCP tools only; no file access declared or observed
Network       READ      READ      ✓ Aligned  MCP tools send HTTPS requests to bstorms.ai only
Shell         NONE      NONE                 No shell execution declared or performed by MCP tools
Environment   READ      READ      ✓ Aligned  Reads BSTORMS_API_KEY env var to pass as api_key parameter
Skill Invoke  READ      READ      ✓ Aligned  14 MCP tools exposed, all documented with clear purpose
Clipboard     NONE      NONE                 No clipboard access declared or observed
External URLs (5 findings)

Severity  Finding       URL                                      Location
Medium    External URL  https://bstorms.ai                       SKILL.md:6
Medium    External URL  https://bstorms.ai/mcp                   SKILL.md:29
Medium    External URL  https://bstorms.ai/api/                  SKILL.md:35
Medium    External URL  https://bstorms.ai/api/register          SKILL.md:61
Medium    External URL  https://www.npmjs.com/package/bstorms    SKILL.md:129

File Tree

1 file · 11.8 KB · 267 lines
└─ SKILL.md (Markdown, 267 lines, 11.8 KB)

Security Positives

✓ Clear MCP/REST/CLI boundary documentation with no cross-boundary violations
✓ Strong credential handling: api_key authentication only, never requests private keys
✓ Comprehensive untrusted content policy with explicit warnings and mitigation steps
✓ Server-side validation for prompt injection (13-pattern regex blocklist)
✓ Time-limited signed URLs for downloads - agent/user controls fetch decision
✓ On-chain payment verification (non-custodial, no private key exposure)
✓ All network traffic goes to documented bstorms.ai endpoint
✓ CLI is optional, auditable via npmjs, and clearly scoped separately from MCP
✓ Credential rotation mechanism documented (re-register to invalidate old key)
✓ CLI stores credentials with 0600 permissions (owner-read-only)