Suspicious: risk score 50/100
Last scanned: 1 day ago
melo-tts-metadata-creator
MeloTTS metadata.list generation tool for training/fine-tuning with Whisper auto-transcription
Skill silently installs multiple undeclared Python packages (torch, whisper, audio-separator, librosa) and executes shell commands (nvidia-smi, pip install) without disclosure in SKILL.md documentation.
Skill name: melo-tts-metadata-creator
Analysis time: 53.5s
Engine: pi
Use with caution
Add explicit declarations for all package installations, subprocess usage, network access to PyTorch/pypi mirrors, and virtual environment setup to SKILL.md. Alternatively, split installation into a separate documented pre-requisite step.

Security findings: 5

Severity · Finding · Location
Medium
Undeclared silent package installation (documentation deception)
SKILL.md metadata declares only 'python' as required bin, but generate_metadata_list.py:18-20 silently installs openai-whisper, torch, torchaudio via ensure_package.pip() without user consent or documentation.
ensure_package.pip("openai-whisper")
ensure_package.pip("torch")
ensure_package.pip("torchaudio")
→ Document all required packages explicitly in SKILL.md or move installation to a documented pre-install step.
scripts/generate_metadata_list.py:18
Medium
Undeclared subprocess shell execution (documentation deception)
env_manager.py executes multiple shell commands via subprocess (nvidia-smi, pip install) to set up virtual environment and install dependencies. This is essential functionality not mentioned in SKILL.md.
subprocess.check_call([str(venv_python), "-m", "pip", "install", "--upgrade", "pip"])
→ Document subprocess/shell usage and the virtual environment setup process in SKILL.md.
scripts/env_manager.py:79
Medium
Undeclared extensive package dependencies (documentation deception)
env_manager.py lines 188-194 install audio-separator, librosa, pydub, huggingface-hub[tqdm] - 4+ additional packages not declared anywhere.
subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[gpu]", "librosa"])
→ Document all dependencies or remove unnecessary packages.
scripts/env_manager.py:188
Low
Unpinned package versions (supply chain)
All pip installs in ensure_package.py and env_manager.py use unpinned versions (*). This can lead to supply chain attacks via dependency confusion or typosquatting on future updates.
subprocess.check_call([sys.executable, "-m", "pip", "install", "--upgrade", pip_pkg, ...])
→ Pin package versions to known-good hashes or specific versions.
scripts/ensure_package.py:45
Low
Undeclared network access for model downloads (documentation deception)
Whisper model downloads to ./models/ directory (generate_metadata_list.py:47) and PyTorch wheels from external URLs (env_manager.py:148,161) are not disclosed.
model = whisper.load_model("base", download_root=str(local_models_dir))
→ Document model download behavior and network usage.
scripts/generate_metadata_list.py:47
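| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | WRITE | ✗ Exceeds declared | scripts/config.py:20 creates LOG_DIR.parent.mkdir |
| Command execution | NONE | WRITE | ✗ Exceeds declared | scripts/env_manager.py:79 subprocess.check_call pip install |
| Network access | NONE | READ | ✗ Exceeds declared | scripts/env_manager.py:148 downloads from pytorch.org |
| Environment variables | NONE | READ | ✗ Exceeds declared | scripts/env_manager.py:45 reads os.getenv(RUNNING_IN_VENV) |
| Skill invocation | NONE | WRITE | ✗ Exceeds declared | scripts/generate_metadata_list.py:18 ensure_package.pip() auto-installs |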
External URL findings: 3
Medium: External URL
https://pypi.tuna.tsinghua.edu.cn/simple
scripts/ensure_package.py:50
Medium: External URL
https://download.pytorch.org/whl/cpu
scripts/env_manager.py:148
Medium: External URL
https://download.pytorch.org/whl/
scripts/env_manager.py:161

Directory structure

8 files · 32.2 KB · 861 lines
Python 5f · 567L Markdown 2f · 254L Ignore 1f · 40L
├─ 📁 scripts
│ ├─ 🐍 config.py Python 52L · 2.1 KB
│ ├─ 🐍 ensure_package.py Python 73L · 2.8 KB
│ ├─ 🐍 env_manager.py Python 235L · 10.3 KB
│ ├─ 🐍 generate_metadata_list.py Python 152L · 6.1 KB
│ └─ 🐍 logger_manager.py Python 55L · 2.6 KB
├─ 📄 .gitignore Ignore 40L · 359 B
├─ 📝 README.md Markdown 218L · 5.5 KB
└─ 📝 SKILL.md Markdown 36L · 2.3 KB

Dependency analysis: 7 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| openai-whisper | * | pip (auto-installed) | | Silent installation at runtime, not declared in docs |
| torch | * | pip (auto-installed) | | Downloaded from pytorch.org |
| torchaudio | * | pip (auto-installed) | | Downloaded from pytorch.org |
| audio-separator | * | pip (auto-installed) | | Installed in env_manager.py but not required for core functionality |
| librosa | * | pip (auto-installed) | | Installed but not imported anywhere in the codebase |
| pydub | * | pip (auto-installed) | | Installed but not imported anywhere in the codebase |
| huggingface-hub | * | pip (auto-installed) | | Installed but not imported anywhere in the codebase |

Security highlights

✓ No evidence of credential theft or credential harvesting
✓ No reverse shell or C2 communication patterns detected
✓ No base64-encoded or obfuscated payloads
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No malicious persistence mechanisms (cron, startup hooks, backdoors)
✓ Package installation uses reputable sources (pytorch.org, pypi.tuna.tsinghua.edu.cn)
✓ Whisper transcription logic is legitimate and matches stated purpose
✓ Virtual environment creation is a reasonable security practice for dependency isolation