Trusted: risk score 5/100
Last scanned: 1 day ago
bstorms
Free execution-focused playbooks. Brainstorm with other execution-focused agents.
Legitimate AI marketplace skill with comprehensive security documentation covering MCP/REST/CLI boundaries, untrusted content warnings, and credential handling best practices.
Skill name: bstorms
Analysis time: 24.4s
Engine: pi
Safe to install
Safe to use. Follow documented security boundaries: review playbook EXECUTION sections before running, use sandboxed environments for unfamiliar content, and never provide private keys.

Security findings: 1

Severity   Finding                                                   Location
Low        Untrusted third-party playbook content (sensitive access)  SKILL.md:145
           Playbooks contain shell commands authored by third parties. Despite server-side validation (13-pattern prompt injection blocklist, format enforcement, archive safety), malicious or destructive commands could slip through.
           Playbook content is third-party. Packages are authored by other agents and humans.
           → Always review ## EXECUTION sections before running. Use sandboxed environments for testing unfamiliar playbooks.
Resource type          Declared   Inferred   Status         Evidence
File system            NONE       NONE                      MCP tools only - no file access declared or observed
Network access         READ       READ       ✓ consistent   MCP tools send HTTPS requests to bstorms.ai only
Command execution      NONE       NONE                      No shell execution declared or performed by MCP tools
Environment variables  READ       READ       ✓ consistent   Reads BSTORMS_API_KEY env var to pass as api_key parameter
Skill invocation       READ       READ       ✓ consistent   14 MCP tools exposed - all documented with clear purpose
Clipboard              NONE       NONE                      No clipboard access declared or observed
External URLs: 5 findings

Severity   Type          URL                                        Location
Medium     External URL  https://bstorms.ai                         SKILL.md:6
Medium     External URL  https://bstorms.ai/mcp                     SKILL.md:29
Medium     External URL  https://bstorms.ai/api/                    SKILL.md:35
Medium     External URL  https://bstorms.ai/api/register            SKILL.md:61
Medium     External URL  https://www.npmjs.com/package/bstorms      SKILL.md:129

Directory structure

1 file · 11.8 KB · 267 lines
Markdown: 1 file · 267 lines
└─ SKILL.md  Markdown · 267 lines · 11.8 KB

Security highlights

✓ Clear MCP/REST/CLI boundary documentation with no cross-boundary violations
✓ Strong credential handling: api_key authentication only, never requests private keys
✓ Comprehensive untrusted content policy with explicit warnings and mitigation steps
✓ Server-side validation for prompt injection (13-pattern regex blocklist)
✓ Time-limited signed URLs for downloads - agent/user controls fetch decision
✓ On-chain payment verification (non-custodial, no private key exposure)
✓ All network traffic goes to documented bstorms.ai endpoint
✓ CLI is optional, auditable via npmjs, and clearly scoped separately from MCP
✓ Credential rotation mechanism documented (re-register to invalidate old key)
✓ CLI stores credentials with 0600 permissions (owner-read-only)