Low risk (risk score 20/100)
Last scanned: 2 days ago
MRAgent
LLM-powered automated Mendelian Randomization for causal discovery in biomedical research
MRAgent is a legitimate biomedical Mendelian Randomization analysis tool. All observed behaviors (R script execution, API key usage, network calls) are declared or consistent with the documented scientific purpose. No data exfiltration, reverse shells, or hidden C2 activity was found. Minor security flaws include unpinned dependencies and use of os.system() for R execution.
Skill name: MRAgent
Analysis time: 140.2s
Engine: pi
Can be installed
Approve for use with caution: pin all Python and R package versions before deployment, replace os.system() with subprocess.run() for better argument isolation, and do not include .idea/deployment.xml with credentials in distributable packages.

Security findings: 7

Severity / Finding / Location
Low
os.system() used for R execution instead of subprocess
agent_tool.py uses os.system() three times (lines 382, 483, 672) to execute R scripts. While the Rscript binary is declared in SKILL.md, os.system() invokes a shell which has higher attack surface than subprocess.run(). The R scripts are dynamically generated and include the gwas_token as a string parameter.
os.system('R --slave --no-save --no-restore --no-site-file --no-environ -f  test.R --args')
→ Replace os.system() with subprocess.run() using a list of arguments for better isolation. Pass gwas_token via environment variable rather than embedding in the command line.
mrmrmr/mragent/agent_tool.py:382
Low
eval() used for parsing CSV cell values into Python lists
agent_workflow.py:1041-1042 uses eval() to convert string representations of Python lists (stored in CSV cells) back into actual lists. The source is internal agent output, not user-controlled external input, which limits exploitability.
Outcome_id_list = eval(Outcome_id)
Exposure_id_list = eval(Exposure_id)
→ Replace eval() with ast.literal_eval() which only evaluates Python literals (lists, dicts, strings, numbers, booleans, None) and cannot execute arbitrary code.
mrmrmr/mragent/agent_workflow.py:1041
Low
R packages auto-installed without version pinning
MRtool and MRtool_MRlap functions generate R scripts that call install.packages() for TwoSampleMR, ieugwasr, vcfR, MRlap, etc. without version constraints. This allows R to fetch the latest version from CRAN at runtime.
if (!requireNamespace("TwoSampleMR", quietly = TRUE)) {{
  install.packages("TwoSampleMR")
}}
→ Pin R package versions in install.packages() calls, e.g., install.packages("[email protected]"), or document that a specific version of R and these packages must be pre-installed.
mrmrmr/mragent/agent_tool.py:268
Low
Unpinned Python dependencies
requirements.txt and pyproject.toml use caret version ranges (^1.4.2, ^2.27.1, etc.) without upper bounds. This allows pip to install newer versions that could contain vulnerabilities.
pandas>=1.4.2
reportlab>=4.0.9
requests>=2.27.1
→ Pin exact versions (==) or narrow ranges for production deployments. Use tools like pip-compile or pipenv to generate a locked requirements file.
mrmrmr/requirements.txt:1
Info
Baidu Analytics tracking pixel in web_demo.py
web_demo.py includes a Baidu Analytics (hm.baidu.com) tracking script. This makes outbound HTTP requests to a third-party analytics service on every page load of the web UI.
hm.src = "https://hm.baidu.com/hm.js?d8a4c130d7263e954bf9df2496e692c3"
→ Remove Baidu Analytics from web_demo.py for privacy compliance, or at minimum document it in SKILL.md.
mrmrmr/web_demo.py:480
Info
IDE deployment config with hardcoded IPs and passwords
mrmrmr/.idea/deployment.xml contains SSH credentials with IP addresses (192.168.1.119, 172.25.18.14, etc.) and password references. These are IDE configuration files, not runtime code, but could leak if the package is distributed.
<paths name="[email protected]:22 password">
→ Remove .idea/ directory from distributable packages. Add it to .gitignore.
mrmrmr/.idea/deployment.xml:33
Info
curl|sh installation instructions in README.md
README.md:58 contains 'curl -fsSL https://ollama.com/install.sh | sh' for Ollama installation. This is standard Ollama setup documentation and is mentioned in SKILL.md's Ollama support section, though the actual execution command is in README.md not SKILL.md.
curl -fsSL https://ollama.com/install.sh | sh
→ Document the Ollama installation requirement explicitly in SKILL.md rather than relying on README.md.
mrmrmr/README.md:58
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | agent_tool.py:379 writes R scripts; agent_workflow.py:921 creates output directo… |
| Command execution | WRITE | WRITE | ✓ Consistent | agent_tool.py:382,483,672 uses os.system('R --slave ...') to execute dynamically… |
| Network access | READ | READ | ✓ Consistent | agent_tool.py makes HTTP requests to PubMed (Entrez), OpenGWAS (gwas.mrcieu.ac.u… |
| Environment variables | READ | READ | ✓ Consistent | run_mragent.py:49 reads OPENAI_API_KEY and OPENGWAS_JWT; gwas_token passed to MR… |
| Skill invocation | NONE | NONE | | No cross-skill invocation observed |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser automation found |
| Database | NONE | NONE | | No direct database connections found |
1 critical, 1 high, 37 findings

[Critical] Dangerous shell command: curl -fsSL https://ollama.com/install.sh | sh (mrmrmr/README.md:58)
[High] Hardcoded IP address: 172.25.18.14 (mrmrmr/.idea/deployment.xml:33)
[Medium] External URL: http://www.apache.org/licenses/ (mrmrmr/LICENSE.txt:3)
[Medium] External URL: http://www.apache.org/licenses/LICENSE-2.0 (mrmrmr/LICENSE.txt:195)
[Medium] External URL: https://doi.org/10.1093/bib/bbaf140 (mrmrmr/README.md:2)
[Medium] External URL: https://doi.org/10.5281/zenodo.14184396 (mrmrmr/README.md:2)
[Medium] External URL: https://huggingface.co/spaces/xuwei1997/MRAgent (mrmrmr/README.md:2)
[Medium] External URL: https://p1bvxbwjxl0.feishu.cn/docx/L0ogdoDs5ofjIux6W6gct8E4nyd?from=from_copylink (mrmrmr/README.md:2)
[Medium] External URL: https://www.python.org/ (mrmrmr/README.md:27)
[Medium] External URL: https://www.anaconda.com/download (mrmrmr/README.md:28)
[Medium] External URL: https://www.r-project.org/ (mrmrmr/README.md:30)
[Medium] External URL: https://platform.openai.com/docs/overview (mrmrmr/README.md:47)
[Medium] External URL: https://markdown.com.cn (mrmrmr/README.md:53)
[Medium] External URL: https://ollama.com/install.sh (mrmrmr/README.md:58)
[Medium] External URL: https://api.opengwas.io/ (mrmrmr/README.md:66)
[Medium] External URL: https://www.dropbox.com/s/5la7y38od95swcf/rf.rdata?dl=0 (mrmrmr/README.md:102)
[Medium] External URL: https://www.strobe-mr.org/ (mrmrmr/README.md:125)
[Medium] External URL: https://utexas.box.com/s/vkd36n197m8klbaio3yzoxsee6sxo11v (mrmrmr/README.md:133)
[Medium] External URL: https://www.flaticon.com/ (mrmrmr/README.md:279)
[Medium] External URL: https://api.gpt.ge/v1/ (mrmrmr/agent_workflow_demo.py:11)
[Medium] External URL: https://gwas.mrcieu.ac.uk/datasets/?trait__icontains= (mrmrmr/mragent/agent_tool.py:170)
[Medium] External URL: https://www.ncbi.nlm.nih.gov/research/bionlp/RESTful/pmcoa.cgi/BioC_json/[ID (mrmrmr/mragent/agent_tool.py:235)
[Medium] External URL: https://www.ncbi.nlm.nih.gov/research/bionlp/RESTful/pmcoa.cgi/BioC_json/ (mrmrmr/mragent/agent_tool.py:236)
[Medium] External URL: https://gwas.mrcieu.ac.uk/files/ (mrmrmr/mragent/agent_tool.py:618)
[Medium] External URL: https://uts-ws.nlm.nih.gov/rest/search/current?apiKey= (mrmrmr/mragent/agent_tool.py:678)
[Medium] External URL: https://uts-ws.nlm.nih.gov/rest/content/current/CUI/ (mrmrmr/mragent/agent_tool.py:688)
[Medium] External URL: https://www.ebi.ac.uk/gwas/rest/api/studies/search (mrmrmr/mragent/agent_tool.py:716)
[Medium] External URL: https://www.ebi.ac.uk/gwas/rest/api/studies/ (mrmrmr/mragent/agent_tool.py:777)
[Medium] External URL: https://api.finngen.fi/api/phenos (mrmrmr/mragent/agent_tool.py:794)
[Medium] External URL: https://api.finngen.fi/api/phenos/ (mrmrmr/mragent/agent_tool.py:847)
[Medium] External URL: https://gwas-api.mrcieu.ac.uk/search (mrmrmr/mragent/agent_tool.py:864)
[Medium] External URL: https://integrate.api.nvidia.com/v1 (mrmrmr/step_2_test_STROBE_MR.py:85)
[Medium] External URL: https://hm.baidu.com/hm.js?d8a4c130d7263e954bf9df2496e692c3 (mrmrmr/web_demo.py:480)
[Info] Email address: [email protected] (mrmrmr/.idea/deployment.xml:5)
[Info] Email address: [email protected] (mrmrmr/.idea/deployment.xml:12)
[Info] Email address: [email protected] (mrmrmr/mragent/agent_tool.py:31)
[Info] Email address: [email protected] (mrmrmr/pyproject.toml:5)

Directory structure

31 files · 230.0 KB · 5318 lines
Python 18f · 4530L Markdown 2f · 414L Text 2f · 210L XML 7f · 131L TOML 1f · 25L Ignore 1f · 8L
├─ 📁 mrmrmr
│ ├─ 📁 .idea
│ │ ├─ 📁 inspectionProfiles
│ │ │ ├─ 📄 profiles_settings.xml XML 5L · 174 B
│ │ │ └─ 📄 Project_Default.xml XML 34L · 1.6 KB
│ │ ├─ 📄 .gitignore Ignore 8L · 182 B
│ │ ├─ 📄 deployment.xml XML 62L · 1.9 KB
│ │ ├─ 📄 forwardedPorts.xml XML 12L · 353 B
│ │ ├─ 📄 misc.xml XML 6L · 282 B
│ │ ├─ 📄 modules.xml XML 7L · 266 B
│ │ └─ 📄 vcs.xml XML 5L · 180 B
│ ├─ 📁 mragent
│ │ ├─ 🐍 __init__.py Python 1L · 76 B
│ │ ├─ 🐍 agent_tool.py Python 921L · 31.0 KB
│ │ ├─ 🐍 agent_workflow_OE.py Python 27L · 1.5 KB
│ │ ├─ 🐍 agent_workflow.py Python 1102L · 47.0 KB
│ │ ├─ 🐍 LLM.py Python 40L · 1.3 KB
│ │ └─ 🐍 template_text.py Python 263L · 23.1 KB
│ ├─ 🐍 agent_workflow_demo.py Python 15L · 538 B
│ ├─ 🐍 agent_workflow_OE_demo.py Python 12L · 389 B
│ ├─ 📄 LICENSE.txt Text 201L · 11.1 KB
│ ├─ 📄 pyproject.toml TOML 25L · 604 B
│ ├─ 📝 README.md Markdown 278L · 15.1 KB
│ ├─ 🐍 step_1_test_out.py Python 173L · 6.2 KB
│ ├─ 🐍 step_1_test_SimCSE.py Python 163L · 5.8 KB
│ ├─ 🐍 step_2_test_STROBE_MR.py Python 91L · 3.8 KB
│ ├─ 🐍 step_2_test.py Python 80L · 2.6 KB
│ ├─ 🐍 step_5_test.py Python 144L · 4.6 KB
│ ├─ 🐍 step_9_test_out.py Python 199L · 8.5 KB
│ ├─ 🐍 step_9_test_prompt.py Python 415L · 26.2 KB
│ ├─ 🐍 step_9_test_SimCSE.py Python 83L · 2.4 KB
│ └─ 🐍 web_demo.py Python 486L · 16.3 KB
├─ 📄 requirements.txt Text 9L · 142 B
├─ 🐍 run_mragent.py Python 315L · 10.3 KB
└─ 📝 SKILL.md Markdown 136L · 6.5 KB

Dependency analysis: 10 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| pandas | ^1.4.2 | pip | | Version not pinned, caret range |
| reportlab | ^4.0.9 | pip | | Version not pinned, caret range |
| PyPDF2 | ^3.0.1 | pip | | Version not pinned, note: PyPDF2 is superseded by pypdf |
| numpy | ^1.19.5 | pip | | Version not pinned, caret range |
| biopython | ^1.82 | pip | | Version not pinned, caret range |
| requests | ^2.27.1 | pip | | Version not pinned, caret range; CVE-2023-32681 was in urllib, not requests |
| openai | ^1.6.1 | pip | | Version not pinned, caret range |
| ollama | ^0.1.8 | pip | | Version not pinned, caret range |
| TwoSampleMR | unpinned | R/CRAN | | Auto-installed in R script without version constraint |
| ieugwasr | unpinned | R/CRAN | | Auto-installed in R script without version constraint |

Security highlights

✓ All network behavior (PubMed, OpenGWAS, NCBI, UMLS) is consistent with documented scientific functionality
✓ No data exfiltration to external IPs — API calls are all to legitimate biomedical databases
✓ No reverse shells, C2 infrastructure, or suspicious encoded payloads found
✓ No credential harvesting beyond declared API keys used for their intended services
✓ No hidden functionality — the codebase is a straightforward MR analysis pipeline
✓ API keys are only used to call the declared OpenAI and OpenGWAS APIs
✓ Filesystem write operations are limited to the designated output directory
✓ The .idea/ directory with credentials is not part of the main skill distribution