Low risk: risk score 15/100
Last scan: 18 hours ago
skill-pilot
Adaptive skill scheduling engine with environment-aware routing, user preferences, and self-learning optimization
SkillPilot is a legitimate skill scheduling engine with good security practices including input validation, proper subprocess usage (no shell=True), and comprehensive security documentation. No malicious behavior detected.
Skill name: skill-pilot
Analysis time: 45.9s
Engine: pi
Verdict: can be installed
This skill is safe to use. For enhanced security, consider restricting environment variable inheritance to only required variables.

Security findings: 2

Severity | Finding | Location

Low: Broad environment variable inheritance (category: privilege escalation)
Subprocess execution inherits all environment variables via os.environ.copy() rather than selectively passing only the required variables (TAVILY_API_KEY, BRAVE_API_KEY, HTTP_PROXY, OPENCLAW_TOKEN). This is declared, but could be more restrictive.
    env = os.environ.copy()
    result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, env=env)
→ Consider filtering environment variables to only those declared in SKILL.md (TAVILY_API_KEY, BRAVE_API_KEY, HTTP_PROXY, etc.)
Location: scripts/engine.py:279

Low: Shell execution through called skills not prominently documented (category: documentation deception)
The skill executes shell scripts (.sh) from other skills. While this is technically declared as 'skill_invoke:WRITE', the actual shell execution via bash is indirect.
    elif script_path.endswith('.sh'):
        cmd = ['bash', script_path] + (args or [])
→ Consider adding explicit documentation that .sh scripts from other skills may be executed with shell privileges.
Location: scripts/engine.py:255
Resource type         | Declared | Inferred | Status       | Evidence
File system           | WRITE    | WRITE    | ✓ Consistent | SKILL.md:security_notes line 3 - writes to skill-pilot directory
Network access        | READ     | READ     | ✓ Consistent | scripts/environment.py - DNS/latency/proxy detection
Command execution     | WRITE    | WRITE    | ✓ Consistent | scripts/engine.py:279 - subprocess execution with list form, no shell=True
Skill invocation      | WRITE    | WRITE    | ✓ Consistent | SKILL.md:security_notes line 4 - executes other skill scripts
Environment variables | READ     | READ     | ✓ Consistent | SKILL.md:required_env - declared env vars
Credential theft      | NONE     | NONE     |              | No credential harvesting loops found
Pattern matches: 1 critical, 2 findings

Critical | Dangerous command | Dangerous shell command: rm -rf /
Location: SECURITY_DECLARATION.md:154

Info | Email | Email address: [email protected]
Location: SECURITY_DECLARATION.md:230

Directory structure

37 files · 197.0 KB · 6689 lines
Python 16 files · 3987 lines | Markdown 11 files · 2342 lines | YAML 7 files · 263 lines | JSON 3 files · 97 lines
├─ 📁 config
│ ├─ 📋 mode_config.json JSON 56L · 1.4 KB
│ └─ 📋 preference.yaml YAML 36L · 713 B
├─ 📁 profiles
│ ├─ 📋 cn-no-proxy.yaml YAML 35L · 764 B
│ ├─ 📋 cn-with-proxy.yaml YAML 30L · 521 B
│ └─ 📋 global.yaml YAML 30L · 471 B
├─ 📁 references
│ ├─ 📝 capability-taxonomy.md Markdown 291L · 4.8 KB
│ ├─ 📝 micro-routing-examples.md Markdown 181L · 4.1 KB
│ ├─ 📝 reminder-policy.md Markdown 136L · 3.0 KB
│ └─ 📝 resolution-order.md Markdown 138L · 3.0 KB
├─ 📁 scripts
│ ├─ 🐍 decision.py Python 198L · 6.9 KB
│ ├─ 🐍 engine.py Python 618L · 23.2 KB
│ ├─ 🐍 environment.py Python 315L · 10.8 KB
│ ├─ 🐍 fallback.py Python 213L · 7.7 KB
│ ├─ 🐍 init_skill.py Python 136L · 3.2 KB
│ ├─ 🐍 learning.py Python 481L · 16.1 KB
│ ├─ 🐍 mode.py Python 432L · 14.4 KB
│ ├─ 🐍 models.py Python 166L · 4.6 KB
│ ├─ 🐍 observability.py Python 342L · 13.0 KB
│ ├─ 🐍 package_skill.py Python 114L · 3.2 KB
│ ├─ 🐍 preference.py Python 338L · 11.6 KB
│ ├─ 🐍 registry.py Python 251L · 8.8 KB
│ ├─ 🐍 test.py Python 47L · 1.0 KB
│ └─ 🐍 validate.py Python 196L · 6.6 KB
├─ 📁 strategies
│ ├─ 📋 fetch-anti-bot.yaml YAML 49L · 961 B
│ ├─ 📋 search-cn.yaml YAML 41L · 827 B
│ └─ 📋 search-technical.yaml YAML 42L · 868 B
├─ 🐍 __init__.py Python 43L · 1.2 KB
├─ 📝 CHANGELOG.md Markdown 123L · 3.2 KB
├─ 🐍 demo.py Python 97L · 2.9 KB
├─ 📋 env_cache.json JSON 27L · 643 B
├─ 📋 package.json JSON 14L · 343 B
├─ 📝 RELEASE.md Markdown 132L · 3.0 KB
├─ 📝 RENAME.md Markdown 60L · 1.1 KB
├─ 📝 SECURITY_DECLARATION.md Markdown 234L · 5.5 KB
├─ 📝 SECURITY_FIX.md Markdown 206L · 5.3 KB
├─ 📝 SKILL.md Markdown 517L · 15.1 KB
└─ 📝 USAGE_GUIDE.md Markdown 324L · 6.2 KB

Dependency analysis: 1 item

Package | Version  | Source | Known vulnerabilities | Notes
pyyaml  | unpinned | import | (none listed)         | Standard library yaml module used, version not specified

Security highlights

✓ Strong input validation: _validate_args() checks for dangerous characters (;, |, &, $, `, etc.)
✓ No shell=True: subprocess.run() uses list form only, preventing shell injection
✓ Query hashing: execution history stores hashed queries to protect user privacy
✓ Timeout protection: all subprocess calls have timeout limits (default 30s)
✓ Parameter length limits: max 1000 characters enforced
✓ Comprehensive security documentation: SECURITY_DECLARATION.md details all permissions
✓ No remote code execution: no curl|bash, wget|sh, or direct IP connections
✓ No credential harvesting: no iteration through os.environ for sensitive keys
✓ No obfuscation: no base64 encoding, eval(), or anti-analysis techniques
✓ File scope restriction: writes confined to skill-pilot directory only