High Risk — Risk Score 65/100
Last scan: 2 days ago
github-code-analyzer
Clone and analyze GitHub project code quality using DeepSeek AI
Hardcoded API credentials exposed in source code, undocumented external API communications to ByteDance VolcEngine instead of declared DeepSeek, and shell execution on user-controlled repository URLs.
Skill Name: github-code-analyzer
Duration: 30.0s
Engine: pi
Do not install this skill
Remove hardcoded API key and use environment variables. Ensure documentation accurately reflects the actual API endpoint and data flows. Consider input validation for repository URLs to prevent command injection.

Attack Chain 5 steps

Escalation: Skill presents as legitimate GitHub code analyzer through SKILL.md (SKILL.md:1)
Escalation: Executes git clone on user-provided repository URLs (index.js:49)
Escalation: Reads project structure and code samples from cloned repositories (index.js:63)
Escalation: Transmits repository data to undisclosed ByteDance VolcEngine API endpoint (index.js:134)
Impact: Hardcoded API key could be extracted and abused by attackers (index.js:7)

Findings 4 items

Severity Finding Location
High
Hardcoded API Credential
API key '3ee94c45-6dad-4680-827c-eb3017420dff' is hardcoded in index.js:7. This exposes sensitive credentials in source code, making them easily extractable.
const ARK_API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff";
→ Use environment variables (process.env.ARK_API_KEY) instead of hardcoding credentials.
index.js:7
High
Undeclared External API Communication
SKILL.md claims to use DeepSeek API, but code sends data to 'ark.cn-beijing.volces.com' (ByteDance VolcEngine API). Repository data and code samples are transmitted to this endpoint.
axios.post('https://ark.cn-beijing.volces.com/api/v3/chat/completions', ...)
→ Update SKILL.md to accurately document the actual API endpoint and data being transmitted.
index.js:134
Medium
Shell Command Injection Risk
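User-provided repository URLs are interpolated directly into the git clone shell command string without sanitization. While git clone has some protection against malformed URLs, the shell parses the command string before git runs, so a URL containing shell metacharacters could cause issues.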
await execAsync(`git clone --depth 1 ${repoUrl} ${tempDir}`)
→ Validate repository URLs against expected format before execution.
index.js:49
Medium
Missing Permission Declaration
SKILL.md does not declare shell execution (exec) or filesystem write operations used in the implementation.
const { exec } = require('child_process');
→ Document all system capabilities including shell execution and filesystem operations in SKILL.md.
index.js:46
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | WRITE | ✓ Aligned | index.js:49 - fs.rmSync used for cleanup
Shell | NONE | WRITE | ✗ Violation | index.js:49 - exec(git clone...) without doc declaration
Network | READ | WRITE | ✗ Violation | index.js:134 - POST to external API with repo data
Environment | NONE | NONE | | API key hardcoded instead of env var usage
1 High 2 findings
🔑 High: API Key (suspected hardcoded credential)
API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff"
index.js:7
🔗 Medium: External URL
https://ark.cn-beijing.volces.com/api/v3/chat/completions
index.js:134

File Tree

2 files · 5.9 KB · 210 lines
JavaScript 1f · 147L Markdown 1f · 63L
├─ 📜 index.js JavaScript 147L · 4.4 KB
└─ 📝 SKILL.md Markdown 63L · 1.4 KB

Security Positives

✓ Code has error handling with try-catch blocks
✓ Temporary directories are cleaned up after analysis
✓ Includes timeout protection for git clone (60000ms) and API calls (60000ms)
✓ No evidence of reverse shell, C2 communication, or deliberate data exfiltration to attacker-controlled infrastructure