中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 15/100
上次扫描:17 小时前 重新扫描
15 /100
aurashot-character-skill
Character-consistent AI image generation — same person, any outfit, any scene, every time. Identity-preserving face swap and outfit changes via AuraShot API.
A legitimate character-consistent image generation API client with a minor documentation gap (undeclared filesystem:WRITE for output directories) but no malicious behavior detected.
技能名称aurashot-character-skill
分析耗时45.3s
引擎pi
可以安装
Update SKILL.md metadata to declare filesystem:WRITE permission for output directories, and consider declaring environment:READ for AURASHOT_API_KEY. Otherwise safe to use.

安全发现 2 项

严重性 安全发现 位置
低危
Undeclared filesystem:WRITE permission 文档欺骗
SKILL.md metadata declares filesystem:NONE but the script writes generated images to user-specified output directories (e.g., avatars/{name}/gallery/). This is a necessary and benign operation for the image generation feature, but it is not documented.
requires:
  bins: ["python3"]
  env: ["AURASHOT_API_KEY", "AURASHOT_STUDIO_KEY"]
→ Add filesystem:WRITE to declared permissions or document the output directory behavior in the SKILL.md body.
 SKILL.md:5
低危
Undeclared environment:READ permission 文档欺骗
SKILL.md does not declare that the script reads AURASHOT_API_KEY and AURASHOT_STUDIO_KEY from os.environ. This is necessary and benign — the skill needs its own API key — but it should be declared.
env: ["AURASHOT_API_KEY", "AURASHOT_STUDIO_KEY"]
→ Add environment:READ to declared permissions to accurately reflect the skill's needs.
 SKILL.md:5
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✗ 越权 scripts/aurashot.py:226 — output_path.parent.mkdir(parents=True, exist_ok=True);…
网络访问 READ READ ✓ 一致 All network calls go to https://www.aurashot.art — legitimate API service
命令执行 NONE NONE No subprocess, os.system, or shell command execution found
环境变量 NONE READ ✗ 越权 scripts/aurashot.py:72 — os.environ.get('AURASHOT_API_KEY') and 'AURASHOT_STUDIO…
浏览器 NONE NONE N/A — no browser interaction
数据库 NONE NONE N/A — no database access
剪贴板 NONE NONE N/A — no clipboard access
技能调用 NONE NONE N/A — no cross-skill invocation
7 项发现
🔗
中危 外部 URL 外部 URL
https://www.aurashot.art/login
README.md:37
🔗
中危 外部 URL 外部 URL
https://www.aurashot.art/studio?tab=keys
README.md:38
🔗
中危 外部 URL 外部 URL
https://www.aurashot.art/studio?tab=billing
README.md:40
🔗
中危 外部 URL 外部 URL
https://www.aurashot.art
README.md:49
🔗
中危 外部 URL 外部 URL
https://www.aurashot.art/studio?tab=docs
README.md:50
🔗
中危 外部 URL 外部 URL
https://clawhub.ai/whbzju/aurashot-character-skill
README.md:51
🔗
中危 外部 URL 外部 URL
https://cdn.example.com/result.png
SKILL.md:169

目录结构

5 文件 · 41.0 KB · 999 行
Python 1f · 500L Markdown 3f · 496L YAML 1f · 3L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 3L · 366 B
├─ 📁 references
│ └─ 📝 api.md Markdown 154L · 4.9 KB
├─ 📁 scripts
│ └─ 🐍 aurashot.py Python 500L · 20.4 KB
├─ 📝 README.md Markdown 51L · 2.0 KB
└─ 📝 SKILL.md Markdown 291L · 13.4 KB

安全亮点

✓ No subprocess, shell execution, or eval() calls — pure Python standard library
✓ No obfuscation (no base64, no encoded strings, no anti-analysis tricks)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)
✓ No data exfiltration — all network traffic is to the legitimate AuraShot API (https://www.aurashot.art)
✓ No credential harvesting — environment variable access is scoped to AURASHOT_API_KEY/AURASHOT_STUDIO_KEY only
✓ File operations are scoped to user-specified paths (avatars/*) and uploaded images only
✓ SSL certificate validation with fallback only for CDN image downloads
✓ No supply chain risk — no external dependencies, pure Python standard library
✓ API reference documentation (references/api.md) is accurate and consistent with implementation