中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 48/100
Last scan:1 day ago Rescan
48 /100
sql_audit
SQL syntax and security audit + real execution, returns query data results
The skill contains hardcoded credentials and undeclared external network communication to a static IP, but implements legitimate SQL audit functionality without evidence of malicious data exfiltration.
Skill Namesql_audit
Duration30.4s
Enginepi
Use with caution
Remove hardcoded IP and JWT token, use environment variables exclusively. Document all external network calls in SKILL.md.

Findings 3 items

Severity Finding Location
High
Hardcoded JWT token in source code Credential Theft
A default JWT authentication token is hardcoded in _get_gemini_config() function. This token appears to contain base64-encoded user credentials (admin user). If this token is a real credential, it should be stored in environment variables only.
_default_token = (
    "BI-eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcImFkbWluXCIs..."
)
→ Remove the hardcoded _default_token. Require all tokens to be set via GEMINI_TOKEN environment variable. Do not ship credentials in source code.
 sql_audit.py:657
High
Undeclared external IP address for API calls Doc Mismatch
The skill makes HTTP requests to a hardcoded IP address (47.77.199.56) for Gemini API calls, but this is not mentioned in SKILL.md. Users cannot verify where their data is being sent.
base_url = os.environ.get("GEMINI_API_URL", "http://47.77.199.56/api/v1beta").rstrip("/")
→ Document the external API endpoint in SKILL.md. Prefer DNS-based URLs over raw IP addresses. Consider making the IP configurable via environment variable.
 sql_audit.py:649
Medium
Undeclared shell subprocess execution Priv Escalation
index.js uses Node.js spawn() to invoke Python interpreter, which is a form of shell execution. While this is common for skill runners, it is not declared in SKILL.md.
const proc = spawn(PYTHON_BIN, ['-c', script, skillDir], { env: { ...process.env } });
→ Document the subprocess execution mechanism in SKILL.md's capability section.
 index.js:98
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md: Reads sql_output.json, writes audit_output.json
Network NONE WRITE ✗ Violation sql_audit.py:649 — undeclared external HTTP calls to 47.77.199.56
Shell NONE WRITE ✗ Violation index.js:spawn() spawns Python subprocess
Database WRITE WRITE ✓ Aligned Executes real SQL on StarRocks, returns results
1 High 2 findings
📡
High IP Address 硬编码 IP 地址
47.77.199.56
sql_audit.py:649
🔗
Medium External URL 外部 URL
http://47.77.199.56/api/v1beta
sql_audit.py:649

File Tree

3 files · 44.9 KB · 1089 lines
Python 1f · 868L JavaScript 1f · 164L Markdown 1f · 57L
├─ 📜 index.js JavaScript 164L · 6.3 KB
├─ 📝 SKILL.md Markdown 57L · 2.2 KB
└─ 🐍 sql_audit.py Python 868L · 36.4 KB

Dependencies 3 items

PackageVersionSourceKnown VulnsNotes
httpx unpinned pip No No version pinning
pymysql unpinned pip No No version pinning
python-dotenv unpinned pip No No version pinning

Security Positives

✓ SQL execution is constrained to SELECT operations (intercept rules mentioned in docs)
✓ No evidence of credential exfiltration or data theft
✓ Database connection details are read from environment variables (proper handling)
✓ No base64-encoded runtime execution or obfuscation detected
✓ No access to sensitive paths like ~/.ssh or ~/.aws