cms-push-skill 安全扫描报告 — 低风险 | ClawSafe

20 /100

cms-push-skill

CMS Skill 推送工具 — 发布、更新 Skill 到平台，同步到 ClawHub 和 GitHub，包含问题反馈与状态管理

Legitimate CMS skill publishing and issue management tool with consistent doc-to-code alignment, but SSL certificate verification is globally disabled across all API calls, creating MITM exposure.

技能名称cms-push-skill

分析耗时59.9s

引擎pi

✓

可以安装

Replace all verify=False / ssl.CERT_NONE bypasses with proper certificate verification or at minimum a configurable opt-in flag. Pin dependencies to specific versions. Add the missing __init__.py to scripts/issue_report/

安全发现 5 项

严重性	安全发现	位置
中危	SSL/TLS certificate verification globally disabled All API request functions (in register_skill.py, update_skill.py, delete_skill.py, upload_to_qiniu.py, list_issues.py, report_issue.py, update_issue.py) disable SSL verification via verify=False or ssl.CERT_NONE. This exposes all API tokens and payloads (XG_USER_TOKEN, skill metadata, issue reports) to interception via man-in-the-middle attacks on the network. `verify=False` → Remove verify=False; use default certificate verification. If internal CA is needed, configure via a trusted CA bundle rather than blanket bypass.	`scripts/skill-management/register_skill.py:45`
低危	No dependency pinning No requirements.txt, pyproject.toml, or equivalent dependency manifest exists. The SKILL.md declares 'cms-auth-skills' as a dependency but it is not present as a file and is only used as a token source reference. `dependencies:\n - cms-auth-skills` → Add a requirements.txt pinning requests to a specific version (e.g., requests>=2.28.0,<3.0.0)	`SKILL.md:4`
低危	Missing __init__.py in scripts/issue_report/ SKILL.md documents an import pattern 'from issue_report.report_issue import auto_catch' suggesting scripts/issue_report/__init__.py should exist, but the file is missing. The import path in the docstring may be broken. `from issue_report.report_issue import auto_catch` → Add scripts/issue_report/__init__.py or correct the import documentation path	`SKILL.md:82`
提示	API base URL hardcoded without override validation DEFAULT_API_BASE is hardcoded to https://skills.mediportal.com.cn across all scripts. While --api-base allows override, there is no validation that the override target is an expected/trusted domain, which could be abused if an attacker provides a rogue --api-base. `DEFAULT_API_BASE = "https://skills.mediportal.com.cn"` → Add allowlist validation for --api-base overrides, or use a config file with trusted endpoints	`Multiple scripts:1`
提示	GitHub Issue template files are static assets, not executed github-issue-templates/ YAML files are documentation/form templates for GitHub's issue forms feature. They are copied to user repositories but are not executed. No security risk. `YAML form definitions for GitHub Issue forms` → No action needed	`github-issue-templates/:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	pack_skill.py reads skill_dir to build ZIP
网络访问	`READ`	`READ`	✓ 一致	All scripts make outbound HTTPS requests to declared endpoints
命令执行	`NONE`	`NONE`	—	No subprocess/shell execution found
环境变量	`READ`	`READ`	✓ 一致	Scripts read XG_USER_TOKEN, access-token, ACCESS_TOKEN — all declared in SKILL.m…
技能调用	`NONE`	`NONE`	—	No skill_invoke capability used

4 项发现

🔗

中危外部 URL 外部 URL

https://skills.mediportal.com.cn

scripts/issue_report/list_issues.py:20

🔗

中危外部 URL 外部 URL

https://skills.mediportal.com.cn）

scripts/issue_report/report_issue.py:202

🔗

中危外部 URL 外部 URL

https://wry-manatee-359.convex.site/api/v1/download?slug=

scripts/skill-management/publish_skill.py:66

🔗

中危外部 URL 外部 URL

https://up-z2.qiniup.com/

scripts/skill-management/upload_to_qiniu.py:44

目录结构

22 文件 · 63.3 KB · 1851 行

Python 9f · 1448L YAML 12f · 281L Markdown 1f · 122L

├─ ▾ 📁 github-issue-templates

│ ├─ 📋 bug_report.yml YAML 64L · 1.5 KB

│ ├─ 📋 config.yml YAML 5L · 224 B

│ ├─ 📋 documentation_issue.yml YAML 17L · 494 B

│ ├─ 📋 feature_request.yml YAML 54L · 1.1 KB

│ ├─ 📋 incident_report.yml YAML 19L · 561 B

│ ├─ 📋 integration_issue.yml YAML 17L · 591 B

│ ├─ 📋 performance_issue.yml YAML 21L · 661 B

│ ├─ 📋 question_support.yml YAML 15L · 406 B

│ ├─ 📋 refactor_proposal.yml YAML 17L · 478 B

│ ├─ 📋 regression_report.yml YAML 19L · 580 B

│ ├─ 📋 roadmap_proposal.yml YAML 17L · 512 B

│ └─ 📋 security_issue.yml YAML 16L · 522 B

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 issue_report

│ │ ├─ 🐍 list_issues.py Python 208L · 6.8 KB

│ │ ├─ 🐍 report_issue.py Python 236L · 8.3 KB

│ │ └─ 🐍 update_issue.py Python 141L · 4.0 KB

│ └─ ▾ 📁 skill-management

│ ├─ 🐍 delete_skill.py Python 85L · 2.4 KB

│ ├─ 🐍 pack_skill.py Python 88L · 3.0 KB

│ ├─ 🐍 publish_skill.py Python 280L · 11.6 KB

│ ├─ 🐍 register_skill.py Python 115L · 3.7 KB

│ ├─ 🐍 update_skill.py Python 126L · 4.1 KB

│ └─ 🐍 upload_to_qiniu.py Python 169L · 6.2 KB

└─ 📝 SKILL.md Markdown 122L · 5.7 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`requests`	`*`	pip	否	Version not pinned; used in skill-management scripts but not in issue_report scripts which use stdlib urllib only

安全亮点

✓ No subprocess/shell execution — all operations use Python standard library or the requests library

✓ No credential exfiltration — XG_USER_TOKEN is only sent to declared platform API endpoints (skills.mediportal.com.cn)

✓ No sensitive path access (~/.ssh, ~/.aws, .env files) — scripts operate on explicitly provided skill directories and API tokens

✓ No base64/encoded payloads piped to shell, no eval(), no reverse shells, no C2 indicators

✓ Doc-to-code alignment is strong — all 9 capabilities documented in SKILL.md map directly to implemented scripts

✓ External URLs are all explicitly documented in SKILL.md (skills.mediportal.com.cn, qiniup.com, convex.site)

✓ No hidden functionality — no HTML comments with hidden instructions, no steganography, no obfuscation

✓ Error handling is appropriate — exceptions are caught, reported, and re-raised without silent data exfiltration

✓ Token access is read-only — credentials are used for authentication only, never logged or transmitted outside declared endpoints