Security Decision Report

safe-flow-solana-skill

SafeFlow Solana skill has undeclared shell execution and missing referenced files, with a doc-to-code mismatch that obscures actual implementation complexity.

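Install decision first · Source: manual upload · Scan time: 2026/4/3
Files: 4
IOCs: 2
Privilege-overreach items: 0
Findings: 5
Most direct threat evidence
High risk · Documentation deception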
Undocumented shell command execution

SKILL.md declares no shell:WRITE but scripts execute solana-keygen (bootstrap.sh:40) and npx ts-node (execute_payment.sh:36). This is significant shell access not disclosed to users.

scripts/bootstrap.sh:40

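Why this conclusion was reached

1 of 4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are largely consistent.

Review
Hidden execution and outbound connections

2 general-risk artifacts were extracted; they need to be judged in context.

Block
Attack chains and high-risk findings

The report contains an attack chain of 0 steps, plus 3 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

5 dependency or supply-chain leads that need attention were found.

How the risk score was raised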

Undeclared shell execution +15

SKILL.md does not document use of solana-keygen, npx, ts-node, or node executables

Missing referenced files +12

execute_payment.sh references sdk/src/agent and target/idl/safeflow_solana.json which do not exist in the skill package

Undeclared Node.js runtime +8

SKILL.md declares no dependencies; save_config.sh and execute_payment.sh require Node.js with specific packages

Network access not documented +7

SKILL.md does not list network:READ or mention Solana API endpoints (devnet/mainnet)

Key evidence

High risk · Documentation deception

Undocumented shell command execution

SKILL.md declares no shell:WRITE but scripts execute solana-keygen (bootstrap.sh:40) and npx ts-node (execute_payment.sh:36). This is significant shell access not disclosed to users.

scripts/bootstrap.sh:40
Document all shell commands in SKILL.md under ## Required Tools or ## Declared Capabilities
High risk · Documentation deception

Missing referenced implementation files

execute_payment.sh lines 39 and 41 reference target/idl/safeflow_solana.json and ./sdk/src/agent. Neither file exists in the package. This means the script cannot function as written.

scripts/execute_payment.sh:39
Either include these files in the skill package or update SKILL.md to explain these are external dependencies that must be provided separately
High risk · Documentation deception

Undeclared Node.js runtime dependency

save_config.sh and execute_payment.sh require Node.js with packages @solana/web3.js and @coral-xyz/anchor. SKILL.md declares no dependencies, no runtime requirements, and no package manager (npm/pnpm).

scripts/save_config.sh:24
Add a ## Dependencies section to SKILL.md listing Node.js version, npm packages, and any external CLI tools
Medium risk · Documentation deception

Undeclared network endpoints

SKILL.md does not mention network:READ capability or the Solana API endpoints (api.devnet.solana.com, api.mainnet-beta.solana.com) that execute_payment.sh connects to.

scripts/execute_payment.sh:44
Add ## Network Access section to SKILL.md listing all external API endpoints
Low risk · Supply chain

Unpinned npx/ts-node execution

execute_payment.sh uses 'npx ts-node' without version pinning, which could execute different versions over time. The SKILL.md also does not declare this tool requirement.

scripts/execute_payment.sh:36
Pin ts-node version in package.json and document the requirement in SKILL.md

Declared vs. actual capabilities

File system · Pass
Declared: NONE
Inferred: WRITE
bootstrap.sh:35 writes .safeflow/config.json
Command execution · Pass
Declared: NONE
Inferred: WRITE
bootstrap.sh:40 executes solana-keygen; execute_payment.sh:36 executes npx ts-node
Network access · Pass
Declared: NONE
Inferred: READ
execute_payment.sh:44-46 connects to api.devnet.solana.com
Environment variables · Pass
Declared: NONE
Inferred: NONE
No environment variable access detected

Suspicious artifacts and outbound connections

Medium risk · External URL
https://api.devnet.solana.com

scripts/execute_payment.sh:44

Medium risk · External URL
https://api.mainnet-beta.solana.com

scripts/execute_payment.sh:46

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
npx | * | npm | | Not pinned, not declared in SKILL.md
ts-node | * | npm | | Not pinned, not declared in SKILL.md
@solana/web3.js | * | npm | | Not declared in SKILL.md, loaded at runtime
@coral-xyz/anchor | * | npm | | Not declared in SKILL.md, loaded at runtime
solana-keygen | * | cli | | External Solana CLI tool, not declared in SKILL.md

File composition

4 files · 264 lines
Shell: 3 files · 193 lines
Markdown: 1 file · 71 lines
Files needing attention · 3
scripts/execute_payment.sh Shell · 91 lines
Missing referenced implementation files · Undeclared network endpoints · Unpinned npx/ts-node execution · https://api.devnet.solana.com · https://api.mainnet-beta.solana.com
scripts/bootstrap.sh Shell · 64 lines
Undocumented shell command execution
scripts/save_config.sh Shell · 38 lines
Undeclared Node.js runtime dependency
Other files · SKILL.md

Security highlights

No credential harvesting or sensitive data exfiltration detected
No base64-encoded obfuscation or anti-analysis techniques found
No reverse shell, C2, or reverse connection behavior
No hidden instructions in comments or documentation
No attempts to access ~/.ssh, ~/.aws, or .env files
Payment logic appears to be legitimate Solana on-chain rate limiting
No evidence of persistence mechanisms (cron, startup hooks, backdoors)