Why this conclusion was reached
3/4 dimensions flagged
Block · Declared vs actual capability: 1 undeclared or violating capability was inferred.
Block · Hidden execution and egress: 2 high-risk artifacts or egress signals were extracted.
Block · Attack chain and severe findings: The report includes 4 attack-chain steps and 1 severe finding.
Review · Dependencies and supply chain hygiene: Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
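01 The user invokes the typescript-package-manager skill Entry · SKILL.md:1
02 The script runs a shell command via execSync to check whether Bun is installed Escalation · scripts/bun-workflow.js:37
03 When Bun is not installed, the script prints a curl|bash remote install command Escalation · scripts/bun-workflow.js:195
04 If the user runs that command, the system executes a script from a remote URL (the risk depends on the security of the URL) Impact · scripts/bun-workflow.js:195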
What drove the risk score up
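Remote script execution +25
curl -fsSL https://bun.sh/install | bash and curl -fsSL https://get.pnpm.io/install.sh | sh piped execution
Documentation-behavior mismatch +15
SKILL.md declares a knowledge skill, but the scripts actually execute shell commands and modify the system
Undeclared shell execution +10
The execSync calls are not described in the documentation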
Most important evidence
High RCE
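Piped remote script execution
bun-workflow.js:195 and pnpm-workflow.md:51 contain the curl -fsSL <url> | bash/sh pattern, a classic high-risk remote code execution pattern. Although it is used here to install legitimate tools, there is a risk of attack if the URL is replaced.
scripts/bun-workflow.js:195 Use a safer installation method instead: npm install -g bun or corepack enable pnpm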
Medium Doc Mismatch
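Declared capability does not match actual behavior
SKILL.md claims to be a 'knowledge skill', but the scripts in the scripts/ folder actually execute shell commands (execSync) and may modify system state. This is shadow functionality.
SKILL.md:1 State explicitly in SKILL.md that the scripts execute shell commands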
Medium Priv Escalation
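Undeclared shell execution capability
The scripts use execSync to execute arbitrary shell commands (such as npm audit, tsc, npx), but the shell:WRITE permission is not declared in allowed-tools in SKILL.md.
scripts/bun-workflow.js:27 State explicitly in the documentation that shell execution permission is required and what it is used for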
Low Supply Chain
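External URL dependency
External URLs (bun.sh, pnpm.io, etc.) are referenced in multiple places as documentation links and installation sources, creating a dependency on third-party infrastructure.
scripts/bun-workflow.js, scripts/pnpm-workflow.md:120,195,51 Consider more stable installation methods to reduce supply-chain risk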
Declared capability vs actual capability
Filesystem · Pass
Declared READ → Inferred READ
The scripts only read local files such as tsconfig.json and package.json
Shell · Block
Declared NONE → Inferred WRITE
scripts/bun-workflow.js:195, scripts/pnpm-workflow.md:51 - curl|bash piped remote execution
Network · Pass
Declared NONE → Inferred READ
The scripts access external URLs to fetch install scripts, but as part of tool installation
Environment · Pass
Declared NONE → Inferred READ
health-check.js reads the environment by running npm audit via execSync
Suspicious artifacts and egress
Critical Dangerous Command
curl -fsSL https://bun.sh/install | bash scripts/bun-workflow.js:195
Critical Dangerous Command
curl -fsSL https://get.pnpm.io/install.sh | sh scripts/pnpm-workflow.md:51
Medium External URL
https://yourwebsite.com assets/package-json-template.md:25
Medium External URL
https://docs.npmjs.com/cli/v9/configuring-npm/package-json assets/package-json-template.md:521
Medium External URL
https://nodejs.org/api/packages.html assets/package-json-template.md:522
Medium External URL
https://www.typescriptlang.org/docs/handbook/module-resolution.html assets/package-json-template.md:523
Medium External URL
https://www.typescriptlang.org/docs/handbook/integrating-with-build-tools.html references/integration-with-build-tools.md:13
Medium External URL
https://vitejs.dev/guide/ references/integration-with-build-tools.md:614
Medium External URL
https://webpack.js.org/concepts/ references/integration-with-build-tools.md:615
Medium External URL
https://esbuild.github.io/ references/integration-with-build-tools.md:616
Medium External URL
https://turbo.build/repo/docs references/integration-with-build-tools.md:617
Medium External URL
https://en.wikipedia.org/wiki/Npm references/package-management.md:13
Dependencies and supply chain
There are no structured dependency warnings.
File composition
13 files · 6923 lines
Markdown 10 files · 5899 lines
JavaScript 3 files · 1024 lines
Files of concern · 9
scripts/health-check.md Markdown · 947 lines
https://www.typescriptlang.org/tsconfig/ · https://www.typescriptlang.org/docs/handbook/declaration-files/do-s-and-don-ts.html
scripts/npm-workflow.md Markdown · 692 lines
https://docs.npmjs.com/
scripts/yarn-workflow.md Markdown · 830 lines
https://yarnpkg.com/ · https://yarnpkg.com/getting-started/migration · https://yarnpkg.com/features/pnp · https://yarnpkg.com/features/workspaces
scripts/bun-workflow.md Markdown · 682 lines
https://bun.sh/docs · https://npm.mycompany.com/
scripts/bun-workflow.js JavaScript · 383 lines
Piped remote script execution · Undeclared shell execution capability · curl -fsSL https://bun.sh/install | bash · https://bun.sh/docs/runtime/bunfig · https://registry.myorg.com/ · https://bun.sh/install
scripts/pnpm-workflow.md Markdown · 695 lines
curl -fsSL https://get.pnpm.io/install.sh | sh · https://get.pnpm.io/install.ps1 · https://get.pnpm.io/install.sh · https://npm.company.com/ · https://pnpm.io/cli/add · https://pnpm.io/workspaces · https://pnpm.io/benchmarks
references/integration-with-build-tools.md Markdown · 617 lines
https://www.typescriptlang.org/docs/handbook/integrating-with-build-tools.html · https://vitejs.dev/guide/ · https://webpack.js.org/concepts/ · https://esbuild.github.io/ · https://turbo.build/repo/docs
assets/package-json-template.md Markdown · 523 lines
https://yourwebsite.com · https://docs.npmjs.com/cli/v9/configuring-npm/package-json · https://nodejs.org/api/packages.html · https://www.typescriptlang.org/docs/handbook/module-resolution.html
SKILL.md Markdown · 308 lines
Declared capability does not match actual behavior
Other files · health-check.js · npm-workflow.js · package-manager-comparison.md
13 files · 164.8 KB · 6923 lines
Markdown 10f · 5899L · JavaScript 3f · 1024L
├─ assets
│  ├─ package-json-template.md · Markdown · 523L · 10.3 KB
│  └─ package-manager-comparison.md · Markdown · 289L · 8.6 KB
├─ references
│  ├─ integration-with-build-tools.md · Markdown · 617L · 10.3 KB
│  └─ package-management.md · Markdown · 316L · 8.5 KB
├─ scripts
│  ├─ bun-workflow.js · JavaScript · 383L · 13.4 KB
│  ├─ bun-workflow.md · Markdown · 682L · 13.4 KB
│  ├─ health-check.js · JavaScript · 313L · 12.9 KB
│  ├─ health-check.md · Markdown · 947L · 26.0 KB
│  ├─ npm-workflow.js · JavaScript · 328L · 12.4 KB
│  ├─ npm-workflow.md · Markdown · 692L · 13.9 KB
│  ├─ pnpm-workflow.md · Markdown · 695L · 11.6 KB
│  └─ yarn-workflow.md · Markdown · 830L · 13.6 KB
└─ SKILL.md · Markdown · 308L · 9.9 KB
Security positives
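No credential access or theft
No data exfiltration or C2 communication
Clear code structure with built-in tests
No malicious obfuscation or Base64-encoded execution
Relies on third-party security tools for auditing and checks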