github-code-analyzer 安全扫描报告 — 高风险 | ClawSafe

65 /100

github-code-analyzer

Clone and analyze GitHub project code quality using DeepSeek AI

Hardcoded API credentials exposed in source code, undocumented external API communications to ByteDance VolcEngine instead of declared DeepSeek, and shell execution on user-controlled repository URLs.

技能名称github-code-analyzer

分析耗时30.0s

引擎pi

⛔

不要安装此技能

Remove hardcoded API key and use environment variables. Ensure documentation accurately reflects the actual API endpoint and data flows. Consider input validation for repository URLs to prevent command injection.

攻击链 5 步

⬡

提权 Skill presents as legitimate GitHub code analyzer through SKILL.md

SKILL.md:1

⬡

提权 Executes git clone on user-provided repository URLs

index.js:49

⬡

提权 Reads project structure and code samples from cloned repositories

index.js:63

⬡

提权 Transmits repository data to undisclosed ByteDance VolcEngine API endpoint

index.js:134

◉

影响 Hardcoded API key could be extracted and abused by attackers

index.js:7

安全发现 4 项

严重性	安全发现	位置
高危	Hardcoded API Credential API key '3ee94c45-6dad-4680-827c-eb3017420dff' is hardcoded in index.js:7. This exposes sensitive credentials in source code, making them easily extractable. `const ARK_API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff";` → Use environment variables (process.env.ARK_API_KEY) instead of hardcoding credentials.	`index.js:7`
高危	Undeclared External API Communication SKILL.md claims to use DeepSeek API, but code sends data to 'ark.cn-beijing.volces.com' (ByteDance VolcEngine API). Repository data and code samples are transmitted to this endpoint. `axios.post('https://ark.cn-beijing.volces.com/api/v3/chat/completions', ...)` → Update SKILL.md to accurately document the actual API endpoint and data being transmitted.	`index.js:134`
中危	Shell Command Injection Risk User-provided repository URLs are passed directly to git clone command without sanitization. While git clone has some protection, malformed URLs could cause issues. await execAsync(`git clone --depth 1 ${repoUrl} ${tempDir}`) → Validate repository URLs against expected format before execution.	`index.js:49`
中危	Missing Permission Declaration SKILL.md does not declare shell execution (exec) or filesystem write operations used in the implementation. `const { exec } = require('child_process');` → Document all system capabilities including shell execution and filesystem operations in SKILL.md.	`index.js:46`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`WRITE`	✓ 一致	index.js:49 - fs.rmSync used for cleanup
命令执行	`NONE`	`WRITE`	✗ 越权	index.js:49 - exec(git clone...) without doc declaration
网络访问	`READ`	`WRITE`	✗ 越权	index.js:134 - POST to external API with repo data
环境变量	`NONE`	`NONE`	—	API key hardcoded instead of env var usage

1 高危 2 项发现

🔑

高危 API 密钥疑似硬编码凭证

API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff"

index.js:7

🔗

中危外部 URL 外部 URL

https://ark.cn-beijing.volces.com/api/v3/chat/completions

index.js:134

目录结构

2 文件 · 5.9 KB · 210 行

JavaScript 1f · 147L Markdown 1f · 63L

├─ 📜 index.js JavaScript 147L · 4.4 KB

└─ 📝 SKILL.md Markdown 63L · 1.4 KB

安全亮点

✓ Code has error handling with try-catch blocks

✓ Temporary directories are cleaned up after analysis

✓ Includes timeout protection for git clone (60000ms) and API calls (60000ms)

✓ No evidence of reverse shell, C2 communication, or deliberate data exfiltration to attacker-controlled infrastructure