Suspicious: risk score 48/100
Last scanned: 1 day ago
sql_audit
SQL syntax and security audit + real execution, returns query data results
The skill contains hardcoded credentials and undeclared external network communication to a static IP, but implements legitimate SQL audit functionality without evidence of malicious data exfiltration.
Skill name: sql_audit
Analysis time: 30.4s
Engine: pi
Use with caution
Remove hardcoded IP and JWT token, use environment variables exclusively. Document all external network calls in SKILL.md.

Security findings (3)

Severity | Finding | Location
High
Hardcoded JWT token in source code · Credential theft
A default JWT authentication token is hardcoded in _get_gemini_config() function. This token appears to contain base64-encoded user credentials (admin user). If this token is a real credential, it should be stored in environment variables only.
_default_token = (
    "BI-eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcImFkbWluXCIs..."
)
→ Remove the hardcoded _default_token. Require all tokens to be set via GEMINI_TOKEN environment variable. Do not ship credentials in source code.
sql_audit.py:657
High
Undeclared external IP address for API calls · Documentation deception
The skill makes HTTP requests to a hardcoded IP address (47.77.199.56) for Gemini API calls, but this is not mentioned in SKILL.md. Users cannot verify where their data is being sent.
base_url = os.environ.get("GEMINI_API_URL", "http://47.77.199.56/api/v1beta").rstrip("/")
→ Document the external API endpoint in SKILL.md. Prefer DNS-based URLs over raw IP addresses. Consider making the IP configurable via environment variable.
sql_audit.py:649
Medium
Undeclared shell subprocess execution · Privilege escalation
index.js uses Node.js spawn() to invoke Python interpreter, which is a form of shell execution. While this is common for skill runners, it is not declared in SKILL.md.
const proc = spawn(PYTHON_BIN, ['-c', script, skillDir], { env: { ...process.env } });
→ Document the subprocess execution mechanism in SKILL.md's capability section.
index.js:98
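Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | SKILL.md: Reads sql_output.json, writes audit_output.json
Network access | NONE | WRITE | ✗ Exceeds declared permission | sql_audit.py:649 — undeclared external HTTP calls to 47.77.199.56
Command execution | NONE | WRITE | ✗ Exceeds declared permission | index.js:spawn() spawns Python subprocess
Database | WRITE | WRITE | ✓ Consistent | Executes real SQL on StarRocks, returns results
1 high severity · 2 findings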
High | IP address | Hardcoded IP address
47.77.199.56
sql_audit.py:649
Medium | External URL | External URL
http://47.77.199.56/api/v1beta
sql_audit.py:649

Directory structure

3 files · 44.9 KB · 1089 lines
Python 1f · 868L JavaScript 1f · 164L Markdown 1f · 57L
├─ 📜 index.js JavaScript 164L · 6.3 KB
├─ 📝 SKILL.md Markdown 57L · 2.2 KB
└─ 🐍 sql_audit.py Python 868L · 36.4 KB

Dependency analysis (3)

Package | Version | Source | Known vulnerabilities | Notes
httpx | unpinned | pip | | No version pinning
pymysql | unpinned | pip | | No version pinning
python-dotenv | unpinned | pip | | No version pinning

Security highlights

✓ SQL execution is constrained to SELECT operations (intercept rules mentioned in docs)
✓ No evidence of credential exfiltration or data theft
✓ Database connection details are read from environment variables (proper handling)
✓ No base64-encoded runtime execution or obfuscation detected
✓ No access to sensitive paths like ~/.ssh or ~/.aws