Skill Trust Decision
购物省钱宝 - 京东/淘宝/拼多多优惠查询
未声明的 ClawHub 版本检查网络请求(shadow network access),属阴影功能。
Most direct threat evidence
Why this conclusion was reached
1/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
6 lower-risk artifacts were extracted and still need context.
Pass
Attack chain and severe findings
There is no explicit malicious chain in the report.
Review
Dependencies and supply chain hygiene
1 dependency or supply-chain issues need attention.
What drove the risk score up
未声明的 shadow network access +25
skill.py 模块导入时自动调用 _check_version() 访问 clawhub.ai,且每次 API 调用前也触发,但 SKILL.md 全文未提及此行为
无版本锁定的第三方依赖 requests +10
utils.py 导入 requests 但未声明版本,存在供应链风险
环境变量读取但无外传证据 +5
读取 API_BASE_URL/timeout/PRICECOMPARE_NO_VERSION_CHECK,但未发现外传
隐蔽的版本检查逻辑 +5
版本检查静默失败不影响主功能,但会每日联网一次,属于阴影行为
Most important evidence
Medium Doc Mismatch
未声明的 ClawHub 版本检查(阴影功能)
skill.py 模块级导入时自动执行 _check_version(),会发起 GET 请求到 https://clawhub.ai/api/v1/skills/pricecompare 查询最新版本,且在每次 API 调用前的 _wrapped_call_api 中再次触发(每天最多一次)。SKILL.md 全文未提及此网络行为,属于典型的 shadow network access。
skill.py:37-57, 66 在 SKILL.md 中声明版本检查行为,或提供环境变量(如 PRICECOMPARE_NO_VERSION_CHECK)作为 opt-out 机制并写入文档
Low Supply Chain
requests 依赖无版本锁定
utils.py 导入 requests 但 requirements.txt 中无版本约束,存在依赖劫持风险
utils.py:7 在 requirements.txt 中添加 requests>=2.28.0 锁定版本
Low Doc Mismatch
API 端点域名在代码中可被环境变量覆盖
config.py 允许通过 API_BASE_URL 环境变量重定向请求目标,但 SKILL.md 硬编码了 op.squirrel2.cn,不提示可配置性
config.py:9 在 SKILL.md 中说明可通过环境变量配置 API 端点,或移除该灵活性
Declared capability vs actual capability
Network Block
Declared READ
→ Inferred READ
skill.py:37-57 _check_version() 在模块导入时静默执行,访问 clawhub.ai 但 SKILL.md 全文未声明 Filesystem Pass
Declared NONE
→ Inferred NONE
无文件系统操作 Shell Pass
Declared NONE
→ Inferred NONE
无 shell 执行 Environment Pass
Declared NONE
→ Inferred READ
config.py:9-10 读取 API_BASE_URL/API_TIMEOUT,skill.py:38 读取 PRICECOMPARE_NO_VERSION_CHECK,但未外传 Suspicious artifacts and egress
Medium External URL
http://op.squirrel2.cn/api/v1/ SKILL.md:11
Medium External URL
https://op.squirrel2.cn config.py:11
Medium External URL
https://clawhub.ai/api/v1/skills/ skill.py:35
Medium External URL
https://clawhub.ai/skills/ skill.py:36
Medium External URL
https://item.jd.com/10021724657015.html skill.py:247
Medium External URL
https://e.tb.cn/h.iVW7Wnbs5Woz1ZI skill.py:249
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| requests | * | pip | No | 无版本锁定 |
File composition
5 files · 1092 lines
Python 4 files · 974 linesMarkdown 1 files · 118 lines
Files of concern · 4
utils.py requests 依赖无版本锁定
skill.py 未声明的 ClawHub 版本检查(阴影功能) · https://clawhub.ai/api/v1/skills/ · https://clawhub.ai/skills/ · https://item.jd.com/10021724657015.html · https://e.tb.cn/h.iVW7Wnbs5Woz1ZI
SKILL.md http://op.squirrel2.cn/api/v1/
config.py API 端点域名在代码中可被环境变量覆盖 · https://op.squirrel2.cn
Other files · formatters.py
Security positives
无代码执行/RCE/反向Shell行为
无凭证收割或环境变量外传
无文件写入或敏感路径访问
API 调用逻辑清晰,与文档声明的端点一致
核心功能代码简洁,无混淆
版本检查静默失败不阻塞主流程