中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 18/100
Last scan:1 day ago Rescan
18 /100
contractor-marketing
AI marketing department for contractors and home service businesses. Handles SEO, advertising, social media, email, proposals, review responses, competitor monitoring, and job costing.
A legitimate contractor marketing skill with no malicious code; concerns are limited to a hardcoded read-only API key in documentation and undocumented network access via curl.
Skill Namecontractor-marketing
Duration51.8s
Enginepi
Safe to install
Move the Supabase API key to an environment variable instead of hardcoding it in SKILL.md. Add explicit capability declarations (network:READ, shell:WRITE) if shell commands are expected to be executed.

Findings 3 items

Severity Finding Location
Medium
Hardcoded Supabase API Key in SKILL.md Credential Theft
A Supabase anon-key JWT token is embedded in plain text in SKILL.md (lines 21 and 27). While this is a read-only anon key, embedding credentials in documentation is a security anti-pattern. If the file is shared, logged, or published, the key could be scraped and abused.
-H "apikey=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImRtbHliY25wd3RuYWFkbWFwZGhsIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NDMxOTk4NzMsImV4cCI6MjA1ODc3NTg3M30.kVMGdVCPJMFwiVn-OWpMFIGJWJCYzaOGxFsZPJSq5s4"
→ Replace the hardcoded key with an environment variable reference (e.g., SUPABASE_ANON_KEY) and document that the user must set this variable.
 SKILL.md:21
Low
Undeclared Network and Shell Capabilities Doc Mismatch
The SKILL.md instructs the agent to execute curl commands (shell:WRITE + network:READ) but these capabilities are not formally declared. This creates a doc-to-capability mismatch. The tool mapping implies Bash → shell:WRITE and WebFetch → network:READ, but neither is listed.
curl -s "https://dmlybcnpwtnaadmapdhl.supabase.co/rest/v1/strategies?select=title,...
→ Add explicit allowed-tools declarations in the skill metadata for Bash and/or network access. Document the purpose of each external network call.
 SKILL.md:20
Low
No Dependency Pinning Supply Chain
As a pure Markdown skill with no scripts, there are no package.json, requirements.txt, or Cargo.toml files. However, the skill depends on an external Supabase endpoint that is not pinned to a specific version or snapshot. The endpoint's behavior could change.
https://dmlybcnpwtnaadmapdhl.supabase.co/rest/v1/strategies
→ Consider pinning to a specific API version or replicating the strategy library locally to avoid reliance on an external service.
 SKILL.md:21
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No file operations found; skill only reads reference Markdown files
Network NONE READ ✓ Aligned SKILL.md:21-27 instructs curl GET to external Supabase REST endpoint
Shell NONE WRITE ✓ Aligned SKILL.md:21-27: curl commands embedded in documentation imply shell execution ca…
2 findings
🔗
Medium External URL 外部 URL
https://dmlybcnpwtnaadmapdhl.supabase.co/rest/v1/strategies?select=title
SKILL.md:21
🔗
Medium External URL 外部 URL
https://dmlybcnpwtnaadmapdhl.supabase.co/rest/v1/strategies?or=(title.ilike.*QUERY*
SKILL.md:27

File Tree

5 files · 8.8 KB · 245 lines
Markdown 5f · 245L
├─ 📁 references
│ ├─ 📝 ad-creative-angles.md Markdown 37L · 1.2 KB
│ ├─ 📝 onboarding-questions.md Markdown 42L · 1.5 KB
│ ├─ 📝 proposal-template.md Markdown 45L · 1.2 KB
│ └─ 📝 review-response-rules.md Markdown 30L · 821 B
└─ 📝 SKILL.md Markdown 91L · 4.2 KB

Security Positives

✓ No executable scripts or binaries — skill is entirely Markdown documentation
✓ No sensitive file access attempts (no ~/.ssh, ~/.aws, .env, or similar paths)
✓ No credential harvesting or exfiltration behavior detected
✓ No obfuscation techniques (no base64, eval, or anti-analysis patterns)
✓ Network access is declared in documentation and has a plausible legitimate purpose (fetching marketing strategy content)
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)
✓ Outbound network calls use GET only (read operations), with no POST of user data
✓ All content is in plain text — no hidden instructions in HTML comments or steganography