中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:1 day ago Rescan
20 /100
VIN Recognition OCR - VIN识别
对车架号/VIN 图片做识别并返回 VIN 及品牌厂家等信息
A straightforward VIN OCR skill that reads local images and POSTs them to a third-party API. No malicious behavior, but undocumented network and filesystem access warrant declaration.
Skill NameVIN Recognition OCR - VIN识别
Duration29.3s
Enginepi
Safe to install
Add 'network:WRITE' and 'filesystem:READ' to the skill's declared capabilities in SKILL.md to accurately reflect what the script does.

Findings 6 items

Severity Finding Location
Low
Undeclared outbound network access
The script makes HTTPS POST requests to https://api.jisuapi.com/vinrecognition/recognize to perform VIN OCR, but SKILL.md only describes the feature without declaring network:WRITE access.
resp = requests.post(VIN_RECOG_URL, params=params, data=data, timeout=15)
→ Add 'network:WRITE' to the skill's metadata and documentation to accurately reflect the capability requirement.
 vinrecognition.py:47
Low
Undeclared local filesystem read access
The script reads local image files from disk (path/image/file fields) and converts them to base64 before sending to the API. SKILL.md does not declare filesystem:READ.
with open(path, 'rb') as f:
    raw = f.read()
→ Add 'filesystem:READ' to the skill's declared capabilities since the skill reads local files for image processing.
 vinrecognition.py:95
Info
Path traversal protection present
The _normalize_local_path function correctly blocks absolute paths and '..' path traversal, preventing reads outside the working directory. This is good security hygiene.
if norm.startswith('..') or norm == '..':
→ None — this is a positive security finding.
 vinrecognition.py:17
Info
Credential from environment only
The API key is read exclusively from the JISU_API_KEY environment variable at runtime. No hardcoded credentials are present in the source code.
appkey = os.getenv('JISU_API_KEY')
→ None — this is a positive security finding.
 vinrecognition.py:120
Info
API key validated before use
The script exits early with a clear error message if JISU_API_KEY is not set, preventing silent failures or credential leakage.
if not appkey:
    print('Error: JISU_API_KEY must be set in environment.', file=sys.stderr)
    sys.exit(1)
→ None — this is a positive security finding.
 vinrecognition.py:122
Info
No data exfiltration detected
The script only sends image data to the declared JisuAPI endpoint and returns structured OCR results. No credential forwarding, key iteration, or secondary exfiltration channels exist.
resp = requests.post(VIN_RECOG_URL, params=params, data=data, timeout=15)
→ None — this is a positive security finding.
 vinrecognition.py:47
ResourceDeclaredInferredStatusEvidence
Network NONE WRITE ✓ Aligned vinrecognition.py:47 — requests.post(VIN_RECOG_URL, ...)
Filesystem NONE READ ✓ Aligned vinrecognition.py:95 — open(path, 'rb')
Environment READ READ ✓ Aligned vinrecognition.py:120 — os.getenv('JISU_API_KEY')
Shell NONE NONE
1 High 4 findings
🔑
High API Key 疑似硬编码凭证
API_KEY="your_appkey_here"
SKILL.md:26
🔗
Medium External URL 外部 URL
https://www.jisuapi.com/
SKILL.md:9
🔗
Medium External URL 外部 URL
https://www.jisuapi.com/api/vinrecognition/
SKILL.md:19
🔗
Medium External URL 外部 URL
https://api.jisuapi.com/vinrecognition/recognize
vinrecognition.py:17

File Tree

2 files · 10.4 KB · 304 lines
Python 1f · 159L Markdown 1f · 145L
├─ 📝 SKILL.md Markdown 145L · 5.8 KB
└─ 🐍 vinrecognition.py Python 159L · 4.6 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
requests * pip No Version not pinned; no known vulnerabilities at time of analysis

Security Positives

✓ Path traversal protection prevents reading files outside the working directory
✓ API key is read exclusively from environment variable, not hardcoded
✓ Script validates API key presence before making any network calls
✓ No credential harvesting or iteration over environment variables
✓ No subprocess, shell execution, or eval usage
✓ No hidden HTML comments or steganographic payloads
✓ No curl|bash or wget|sh remote script execution
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ HTTPS is used for the external API call
✓ Timeout of 15 seconds prevents indefinite hanging