Skill Trust Decision

fulcra-onboarding

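A Fulcra user onboarding skill. It has undeclared remote script execution and overly broad permission declarations, but its core functionality is a legitimate product toolchain, and there is insufficient evidence of malice.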

Install decision first Source: ClawHub Scanned: 2 days ago
Files 7
Artifacts 10
Violations 3
Findings 3
Most direct threat evidence
High RCE
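Remote script execution (curl|sh pattern)

Line 18 of prerequisites.md uses `curl -LsSf https://astral.sh/uv/install.sh | sh` to download an install script from a remote URL and execute it directly through a pipe. This is a high-risk pattern: an attacker who tampers with the traffic as a man-in-the-middle can inject arbitrary code. SKILL.md does not declare this shell execution capability.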

references/fulcra-onboarding-prerequisites.md:18

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

3 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

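Remote script execution +20

prerequisites.md:18 uses curl|sh to install uv from astral.sh, which is not declared in SKILL.md

Missing permission declaration +15

SKILL.md does not declare allowed-tools; its use of shell/network/filesystem permissions is undocumented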

Most important evidence

High RCE

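Remote script execution (curl|sh pattern)

Line 18 of prerequisites.md uses `curl -LsSf https://astral.sh/uv/install.sh | sh` to download an install script from a remote URL and execute it directly through a pipe. This is a high-risk pattern: an attacker who tampers with the traffic as a man-in-the-middle can inject arbitrary code. SKILL.md does not declare this shell execution capability.

references/fulcra-onboarding-prerequisites.md:18
Switch to pre-download plus hash verification, or install through a package manager (e.g. pip install uv), to avoid piping a remote script into a shell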
Medium Priv Escalation

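Missing permission declaration

SKILL.md does not declare any allowed-tools. According to the capability mapping, the skill actually needs shell:WRITE, network:READ/WRITE and filesystem:WRITE permissions, but the documentation does not declare them, so there is a risk of permissions exceeding what is declared.

SKILL.md:1
Explicitly declare the required allowed-tools in the metadata or skills array of SKILL.md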
Low Doc Mismatch

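Timing of requesting user consent before sensitive operations

Several steps require user consent (installing uv, logging in, data transfer, fetching data), but the consent flow is embedded in the documentation rather than obtained dynamically at runtime, which may cause consent to be skipped in some agent execution environments.

references/fulcra-onboarding-prerequisites.md:9
Ensure the consent mechanism is enforced at actual execution time and cannot be bypassed in automated scenarios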

Declared capability vs actual capability

Shell Block
Declared NONE
Inferred WRITE
references/fulcra-onboarding-prerequisites.md:18
Network Block
Declared NONE
Inferred READ/WRITE
Multiple reference files use curl to send requests to api.fulcradynamics.com
Filesystem Block
Declared NONE
Inferred WRITE
references/fulcra-onboarding-demonstration.md generates an HTML file

Suspicious artifacts and egress

Critical Dangerous Command
curl -LsSf https://astral.sh/uv/install.sh | sh

references/fulcra-onboarding-prerequisites.md:18

Medium External URL
https://api.fulcradynamics.com/user/v1alpha1/schema/annotation

references/fulcra-onboarding-create-annotations.md:22

Medium External URL
https://api.fulcradynamics.com/user/v1alpha1/schema/measurement

references/fulcra-onboarding-create-annotations.md:27

Medium External URL
https://api.fulcradynamics.com/user/v1alpha1/annotation

references/fulcra-onboarding-create-annotations.md:42

Medium External URL
https://api.fulcradynamics.com/user/v1alpha1/annotation/

references/fulcra-onboarding-create-annotations.md:49

Medium External URL
https://apps.apple.com/app/id1633037434

references/fulcra-onboarding-handoff.md:20

Medium External URL
https://context.fulcradynamics.com/

references/fulcra-onboarding-handoff.md:22

Medium External URL
https://astral.sh/uv/install.sh

references/fulcra-onboarding-prerequisites.md:18

Medium External URL
https://astral.sh/uv/install.ps1

references/fulcra-onboarding-prerequisites.md:19

Medium External URL
https://api.fulcradynamics.com/ingest/v1/record

references/fulcra-onboarding-record-annotations.md:28

Dependencies and supply chain

There are no structured dependency warnings.

File composition

7 files · 411 lines
Markdown 7 files · 411 lines
Files of concern · 5
references/fulcra-onboarding-create-annotations.md Markdown · 129 lines
https://api.fulcradynamics.com/user/v1alpha1/schema/annotation · https://api.fulcradynamics.com/user/v1alpha1/schema/measurement · https://api.fulcradynamics.com/user/v1alpha1/annotation · https://api.fulcradynamics.com/user/v1alpha1/annotation/
references/fulcra-onboarding-record-annotations.md Markdown · 104 lines
https://api.fulcradynamics.com/ingest/v1/record
SKILL.md Markdown · 41 lines
Missing permission declaration
references/fulcra-onboarding-handoff.md Markdown · 28 lines
https://apps.apple.com/app/id1633037434 · https://context.fulcradynamics.com/
references/fulcra-onboarding-prerequisites.md Markdown · 24 lines
Remote script execution (curl|sh pattern) · Timing of requesting user consent before sensitive operations · curl -LsSf https://astral.sh/uv/install.sh | sh · https://astral.sh/uv/install.sh · https://astral.sh/uv/install.ps1
Other files · fulcra-onboarding-demonstration.md · fulcra-onboarding-discovery.md

Security positives

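Secure credential handling: the token is injected at call time through command substitution and is not stored in a shell variable
The documentation explicitly warns that credentials are sensitive and asks users not to share the authorization URL
User consent is requested before data is transmitted externally (user consent for data transmission)
Uses the official fulcra-api CLI tool rather than exposing credentials directly
The HTML dashboard is generated with the user's informed consent (the skill states that a local file will be created)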