Skill Trust Decision

github-code-analyzer

Hardcoded API credentials exposed in source code, undocumented external API communications to ByteDance VolcEngine instead of declared DeepSeek, and shell execution on user-controlled repository URLs.

Source: Manual upload · Scanned: Apr 3, 2026
Files 2
Artifacts 2
Violations 2
Findings 4

Most direct threat evidence

01
Skill presents as legitimate GitHub code analyzer through SKILL.md

reconnaissance · SKILL.md

02
Executes git clone on user-provided repository URLs

resource_access · index.js

03
Reads project structure and code samples from cloned repositories

data_collection · index.js

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 5 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Skill presents as legitimate GitHub code analyzer through SKILL.md

reconnaissance · SKILL.md:1

02
Executes git clone on user-provided repository URLs

resource_access · index.js:49

03
Reads project structure and code samples from cloned repositories

data_collection · index.js:63

04
Transmits repository data to undisclosed ByteDance VolcEngine API endpoint

Exfiltration · index.js:134

05
Hardcoded API key could be extracted and abused by attackers

Impact · index.js:7

What drove the risk score up

Hardcoded API credential +30

ARK_API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff" exposed in index.js:7

Undeclared external API +20

SKILL.md states DeepSeek but code calls ark.cn-beijing.volces.com (ByteDance VolcEngine)

Shell execution with user input +10

git clone executes on user-provided repo URLs without validation

Data sent to external service +5

Repository structure and code samples sent to external API

Most important evidence

High

Hardcoded API Credential

API key '3ee94c45-6dad-4680-827c-eb3017420dff' is hardcoded in index.js:7. This exposes sensitive credentials in source code, making them easily extractable.

index.js:7
Use environment variables (process.env.ARK_API_KEY) instead of hardcoding credentials.

High

Undeclared External API Communication

SKILL.md claims to use DeepSeek API, but code sends data to 'ark.cn-beijing.volces.com' (ByteDance VolcEngine API). Repository data and code samples are transmitted to this endpoint.

index.js:134
Update SKILL.md to accurately document the actual API endpoint and data being transmitted.

Medium

Shell Command Injection Risk

User-provided repository URLs are passed directly to git clone command without sanitization. While git clone has some protection, malformed URLs could cause issues.

index.js:49
Validate repository URLs against expected format before execution.

Medium

Missing Permission Declaration

SKILL.md does not declare shell execution (exec) or filesystem write operations used in the implementation.

index.js:46
Document all system capabilities including shell execution and filesystem operations in SKILL.md.

Declared capability vs actual capability

Filesystem · Pass · Declared READ · Inferred WRITE · index.js:49 - fs.rmSync used for cleanup
Shell · Block · Declared NONE · Inferred WRITE · index.js:49 - exec(git clone...) without doc declaration
Network · Block · Declared READ · Inferred WRITE · index.js:134 - POST to external API with repo data
Environment · Pass · Declared NONE · Inferred NONE · API key hardcoded instead of env var usage

Suspicious artifacts and egress

High API Key
API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff"

index.js:7

Medium External URL
https://ark.cn-beijing.volces.com/api/v3/chat/completions

index.js:134

Dependencies and supply chain

There are no structured dependency warnings.

File composition

2 files · 210 lines
JavaScript 1 file · 147 lines
Markdown 1 file · 63 lines
Files of concern · 1
index.js JavaScript · 147 lines
Hardcoded API Credential · Undeclared External API Communication · Shell Command Injection Risk · Missing Permission Declaration · API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff" · https://ark.cn-beijing.volces.com/api/v3/chat/completions
Other files · SKILL.md

Security positives

Code has error handling with try-catch blocks
Temporary directories are cleaned up after analysis
Includes timeout protection for git clone (60000ms) and API calls (60000ms)
No evidence of reverse shell, C2 communication, or deliberate data exfiltration to attacker-controlled infrastructure