Security Decision Report

odds-movement-monitor

A hardcoded billing API key in payment.py, an undisclosed payment integration, and SKILL.md references to files that do not exist raise concerns, although no malicious behavior was confirmed.

Install decision first · Source: manual upload · Scanned: 2026/4/3
Files 10
IOCs 5
Undeclared capabilities 1
Findings 5
Most direct threat evidence
High
Hardcoded Billing API Key

A billing API key is hardcoded in the payment.py source. It appears to be a legitimate SkillPay service key rather than a credential used for malicious activity, but a key shipped in source is disclosed to everyone who obtains the package and cannot be revoked without a new release, so hardcoding secrets in source code is a serious security practice violation regardless of the key's purpose.

payment.py:12

Why this conclusion

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

1 capability or privileged action beyond what is declared was found.

Block
Hidden execution and outbound connections

2 high-severity IOCs or outbound-connection signals were extracted.

Block
Attack chain and high-severity findings

No attack chain was reconstructed (0 steps); the report contains 1 high or critical finding.

Review
Dependency and supply-chain hygiene

2 dependency or supply-chain items need attention.

How the risk score was pushed up

Hardcoded API key +18

payment.py:12 contains hardcoded BILLING_API_KEY='sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2'

Undeclared payment behavior +12

SKILL.md does not mention the SkillPay billing system, which charges 0.01 USDT per call

Documentation mismatch +5

SKILL.md lists non-existent files: odds_fetcher.py, alert_manager.py, data_storage.py

External IP network requests +3

payment.py makes requests to the skillpay.me API; this is only partially declared, in _meta.json rather than in SKILL.md

Key evidence

High

Hardcoded Billing API Key

A billing API key is hardcoded in the payment.py source. While this appears to be a legitimate SkillPay service key rather than a credential for malicious activity, anyone who obtains the package can read and reuse it, so the key must be treated as exposed; hardcoding secrets in source code is a serious security practice violation.

payment.py:12
Rotate the exposed key, then load it from an environment variable or secret manager instead of source
Medium

Undisclosed Payment Collection

The skill implements a payment collection system (SkillPay) that automatically charges users 0.01 USDT per invocation. This behavior is not mentioned in SKILL.md, only in _meta.json's metadata section.

payment.py:1
Clearly disclose payment behavior in SKILL.md's core capabilities section
Medium

SKILL.md References Non-Existent Files

The file structure section in SKILL.md lists odds_fetcher.py, alert_manager.py, and data_storage.py, which do not exist in the package.

SKILL.md:107
Update SKILL.md to match actual file structure or remove file structure section
Low

Platform-Specific Path Reference

demo.py contains a hardcoded path to '~/.openclaw/workspace/skills/odds-movement-monitor', referencing a specific AI agent platform structure.

demo.py:6
Use relative imports or platform-agnostic path handling
Low

Environment Variable Credential Access

The skill reads multiple environment variables (ODDS_API_KEY, SKILLPAY_USER_ID, SKILLPAY_API_KEY) without declaring them in SKILL.md. Reading them at runtime is the expected way to supply credentials; the issue is the missing declaration.

monitor.py, payment.py:148
Document required environment variables in SKILL.md

Declared vs. actual capabilities

Capability             Verdict  Declared  Inferred    Evidence
Filesystem             pass     NONE      WRITE       monitor.py:67 - sqlite3.connect() creates a local DB
Network access         pass     READ      READ+WRITE  payment.py:34 - POSTs to skillpay.me
Environment variables  block    NONE      READ        payment.py:99 - os.environ.get('SKILLPAY_USER_ID')
Command execution      pass     NONE      NONE        -
Database               pass     NONE      WRITE       monitor.py:67-113 - SQLite database operations
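The declared-versus-inferred comparison above can be reproduced with a small static check. The following is an added example written for this page; it is neither the scanner's code nor the skill's source. It walks a Python module's AST, records the capabilities the module exercises (environment reads through os.environ and os.getenv, HTTP reads and writes through requests or httpx, sqlite3.connect as a database and filesystem write, subprocess and os.system as command execution), and diffs them against a declared manifest. The sample module, the manifest values and the "flag anything inferred but not declared" policy are constructed assumptions that mirror the patterns the report lists; the real scanner's verdict logic is not known from the page.

```python
import ast

LEVEL_ORDER = {"READ": 0, "WRITE": 1, "EXEC": 2}  # display order for capability levels
HTTP_CLIENTS = {"requests", "httpx"}
HTTP_READ = {"get", "head", "options"}
HTTP_WRITE = {"post", "put", "patch", "delete"}

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

class CapabilityVisitor(ast.NodeVisitor):
    """Collect the capability levels a module exercises, with line-number evidence."""

    def __init__(self):
        self.caps = {k: set() for k in ("filesystem", "network", "env", "exec", "database")}
        self.evidence = []  # (capability, level, lineno, call)

    def _add(self, cap, level, node, what):
        self.caps[cap].add(level)
        self.evidence.append((cap, level, node.lineno, what))

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name:
            head, last = name.split(".")[0], name.split(".")[-1]
            if name in ("os.environ.get", "os.getenv"):
                self._add("env", "READ", node, name)
            elif head in HTTP_CLIENTS and last in HTTP_READ:
                self._add("network", "READ", node, name)
            elif head in HTTP_CLIENTS and last in HTTP_WRITE:
                self._add("network", "WRITE", node, name)
            elif name == "sqlite3.connect":
                # A local SQLite file counts as both a database and a filesystem write
                self._add("database", "WRITE", node, name)
                self._add("filesystem", "WRITE", node, name)
            elif head == "subprocess" or name in ("os.system", "os.popen"):
                self._add("exec", "EXEC", node, name)
        self.generic_visit(node)

    def visit_Subscript(self, node):
        if _dotted(node.value) == "os.environ":  # os.environ["X"] style reads
            self._add("env", "READ", node, "os.environ[...]")
        self.generic_visit(node)

def _fmt(levels):
    return "NONE" if not levels else "+".join(sorted(levels, key=LEVEL_ORDER.get))

def _parse(declared):
    return set() if declared == "NONE" else set(declared.split("+"))

def audit(source, declared):
    """Diff inferred capabilities against a declared manifest; anything inferred
    that the manifest does not declare lands in "undeclared"."""
    visitor = CapabilityVisitor()
    visitor.visit(ast.parse(source))
    report = {}
    for cap, decl in declared.items():
        inferred = visitor.caps[cap]
        report[cap] = {
            "declared": decl,
            "inferred": _fmt(inferred),
            "undeclared": sorted(inferred - _parse(decl), key=LEVEL_ORDER.get),
            "evidence": [e for e in visitor.evidence if e[0] == cap],
        }
    return report

# Constructed sample module (hypothetical, not the skill's real source) using the
# same patterns the report attributes to payment.py and monitor.py.
SAMPLE_SOURCE = '''
import os, sqlite3, requests
SKILLPAY_URL = "https://skillpay.me"
def charge(user_id):
    key = os.environ.get("SKILLPAY_API_KEY")
    return requests.post(SKILLPAY_URL + "/charge", json={"user": user_id, "key": key})
def fetch_odds():
    return requests.get("https://api.the-odds-api.com/v4/sports").json()
def store(rows):
    db = sqlite3.connect("odds.db")
    db.executemany("INSERT INTO odds VALUES (?, ?)", rows)
    db.commit()
'''
# Declarations as the report lists them for this skill
DECLARED = {"filesystem": "NONE", "network": "READ", "env": "NONE", "exec": "NONE", "database": "NONE"}

if __name__ == "__main__":
    for cap, row in audit(SAMPLE_SOURCE, DECLARED).items():
        flag = "UNDECLARED " + "+".join(row["undeclared"]) if row["undeclared"] else "ok"
        print(f"{cap:<11} declared={row['declared']:<5} inferred={row['inferred']:<10} {flag}")
        for _, level, line, what in row["evidence"]:
            print(f"    line {line}: {what} -> {level}")
```

Against the constructed module this yields the same four mismatches the matrix shows (filesystem WRITE, network WRITE, env READ, database WRITE) with the line of each call, and nothing for command execution. Method calls on unresolved objects (an aiohttp session, for instance) are deliberately not attributed, so a real audit would add resolution for those before trusting a "NONE" result.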

Suspicious artifacts and outbound connections

High · API key
API_KEY="your_api_key_here"

README.md:24
(Placeholder from the README's example configuration, not a live credential. The scanner matched the assignment pattern; for the purpose of secret exposure this entry is a false positive.)

High · API key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

Medium · External URL
https://the-odds-api.com/

README.md:27

Medium · External URL
https://api.the-odds-api.com/v4

config.json:15

Medium · External URL
https://skillpay.me

payment.py:11
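The IOC list above assigns the same severity to a README placeholder and to a live-looking key. The following added example, written for this page and not the scanner's code, shows a line-oriented extractor that pulls credential assignments and external URLs out of text and downgrades obvious documentation placeholders (values containing your_, <...>, example, changeme and similar) before assigning severity, so the two entries come out as "info" and "high" rather than both "high". The two sample files, the info/medium/high labels and the placeholder word list are constructed assumptions; the sk_ plus 64 hex characters format is taken from the report's finding, and the sample key is a synthetic repetition of the hex alphabet, not the key quoted in the report.

```python
import math
import re

# Assignment of a secret-looking name to a quoted literal, e.g. API_KEY = "..."
SECRET_ASSIGN = re.compile(
    r'''(?P<name>[A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)\s*=\s*["'](?P<value>[^"']+)["']'''
)
# Key format seen in the report: "sk_" followed by 64 hex characters
SK_TOKEN = re.compile(r"sk_[0-9a-f]{64}")
URL = re.compile(r"""https?://[^\s"'<>)]+""")
# Values that are documentation placeholders rather than real credentials (assumed list)
PLACEHOLDER = re.compile(r"your_|<[^>]*>|example|placeholder|changeme|xxx+|dummy", re.I)

def shannon_entropy(s):
    """Bits of entropy per character; random hex sits near 4.0, English prose nearer 3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def classify_secret(value):
    """'info' for placeholders, 'high' for a live-looking key, 'medium' otherwise."""
    if PLACEHOLDER.search(value):
        return "info"
    if SK_TOKEN.fullmatch(value) or (len(value) >= 20 and shannon_entropy(value) >= 3.5):
        return "high"
    return "medium"

def scan_text(filename, text):
    """Return findings per line: credential assignments first, then external URLs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_ASSIGN.finditer(line):
            findings.append({
                "file": filename, "line": lineno, "kind": "api_key",
                "name": m.group("name"), "value": m.group("value"),
                "severity": classify_secret(m.group("value")),
            })
        for m in URL.finditer(line):
            findings.append({
                "file": filename, "line": lineno, "kind": "url",
                "value": m.group(0), "severity": "medium",
            })
    return findings

# Constructed sample files (not the skill's real README or payment.py). The key is a
# synthetic repeat of the hex alphabet so that it is obviously fake yet format-valid.
SAMPLE_FILES = {
    "README.md": 'Set your key:\nAPI_KEY="your_api_key_here"\nGet one at https://the-odds-api.com/\n',
    "payment.py": 'import os\nSKILLPAY_URL = "https://skillpay.me"\nAPI_KEY = "sk_' + "0123456789abcdef" * 4 + '"\n',
}

def scan_all(files=SAMPLE_FILES):
    return [f for name, text in files.items() for f in scan_text(name, text)]

if __name__ == "__main__":
    for f in scan_all():
        shown = f["value"] if f["kind"] == "url" else f["value"][:8] + "..."
        print(f"{f['severity']:<6} {f['kind']:<7} {f['file']}:{f['line']}  {shown}")
```

The entropy fallback catches keys in formats the sk_ pattern does not cover; the placeholder check runs first because a placeholder can still be long and high-entropy when it is angle-bracketed hex in documentation. Print only a prefix of any value classified "high" so the scanner's own output does not become a second copy of the secret.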

Dependencies and supply chain

Package   Version   Source  Vulnerabilities  Notes
aiohttp   >=3.8.0   pip     -                Version not pinned
requests  >=2.28.0  pip     -                Version not pinned

File composition

10 files · 1719 lines
Python    5 files · 1432 lines
Markdown  2 files · 217 lines
JSON      2 files · 68 lines
Text      1 file · 2 lines
Files of interest · 5
config.json  JSON · 49 lines
https://api.the-odds-api.com/v4
demo.py  Python · 223 lines
Platform-Specific Path Reference
payment.py  Python · 142 lines
Hardcoded Billing API Key · Undisclosed Payment Collection · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
SKILL.md  Markdown · 126 lines
SKILL.md References Non-Existent Files
README.md  Markdown · 91 lines
API_KEY="your_api_key_here" · https://the-odds-api.com/
Other files · monitor.py · change_detector.py · __init__.py · _meta.json · requirements.txt

Security highlights

No shell command execution or subprocess usage found
No base64-encoded payloads or obfuscated code detected
No credential harvesting targeting sensitive paths (~/.ssh, ~/.aws, etc.)
No data exfiltration mechanisms beyond declared network calls
No reverse shell, C2, or reverse engineering behavior
Database operations are local SQLite for legitimate data storage
Network calls go only to APIs declared in the package metadata (the-odds-api.com in config.json, skillpay.me in _meta.json)