Security Decision Report

github-code-analyzer

Hardcoded API credentials exposed in source code, undocumented external API communications to ByteDance VolcEngine instead of declared DeepSeek, and shell execution on user-controlled repository URLs.

Install decision first Source: manual upload Scan time: 2026/4/3
Files 2
IOCs 2
Overreach items 2
Findings 4
Most direct threat evidence
01
Skill presents as legitimate GitHub code analyzer through SKILL.md reconnaissance · SKILL.md
02
Executes git clone on user-provided repository URLs resource_access · index.js
03
Reads project structure and code samples from cloned repositories data_collection · index.js

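Why this conclusion was reached

3/4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or overreach behaviors beyond what was declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 5-step attack chain, plus 2 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information is available, so the supply-chain assessment needs to stay flexible.

Attack chain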

01
Skill presents as legitimate GitHub code analyzer through SKILL.md

reconnaissance · SKILL.md:1

02
Executes git clone on user-provided repository URLs

resource_access · index.js:49

03
Reads project structure and code samples from cloned repositories

data_collection · index.js:63

04
Transmits repository data to undisclosed ByteDance VolcEngine API endpoint

Data exfiltration · index.js:134

05
Hardcoded API key could be extracted and abused by attackers

Final impact · index.js:7

How the risk score was raised

Hardcoded API credential +30

ARK_API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff" exposed in index.js:7

Undeclared external API +20

SKILL.md states DeepSeek but code calls ark.cn-beijing.volces.com (ByteDance VolcEngine)

Shell execution with user input +10

git clone executes on user-provided repo URLs without validation

Data sent to external service +5

Repository structure and code samples sent to external API

Key evidence

High

Hardcoded API Credential

API key '3ee94c45-6dad-4680-827c-eb3017420dff' is hardcoded in index.js:7. This exposes sensitive credentials in source code, making them easily extractable.

index.js:7
Use environment variables (process.env.ARK_API_KEY) instead of hardcoding credentials.
High

Undeclared External API Communication

SKILL.md claims to use DeepSeek API, but code sends data to 'ark.cn-beijing.volces.com' (ByteDance VolcEngine API). Repository data and code samples are transmitted to this endpoint.

index.js:134
Update SKILL.md to accurately document the actual API endpoint and data being transmitted.
Medium

Shell Command Injection Risk

User-provided repository URLs are passed directly to git clone command without sanitization. While git clone has some protection, malformed URLs could cause issues.

index.js:49
Validate repository URLs against expected format before execution.
Medium

Missing Permission Declaration

SKILL.md does not declare shell execution (exec) or filesystem write operations used in the implementation.

index.js:46
Document all system capabilities including shell execution and filesystem operations in SKILL.md.

Declared capabilities vs. actual capabilities

Filesystem: Pass
Declared READ
Inferred WRITE
index.js:49 - fs.rmSync used for cleanup
Command execution: Block
Declared NONE
Inferred WRITE
index.js:49 - exec(git clone...) without doc declaration
Network access: Block
Declared READ
Inferred WRITE
index.js:134 - POST to external API with repo data
Environment variables: Pass
Declared NONE
Inferred NONE
API key hardcoded instead of env var usage

Suspicious artifacts and outbound connections

High: API key
API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff"

index.js:7

Medium: External URL
https://ark.cn-beijing.volces.com/api/v3/chat/completions

index.js:134

Dependencies and supply chain

No structured dependency alerts.

File composition

2 files · 210 lines
JavaScript 1 file · 147 lines
Markdown 1 file · 63 lines
Files needing attention · 1
index.js JavaScript · 147 lines
Hardcoded API Credential · Undeclared External API Communication · Shell Command Injection Risk · Missing Permission Declaration · API_KEY = "3ee94c45-6dad-4680-827c-eb3017420dff" · https://ark.cn-beijing.volces.com/api/v3/chat/completions
Other files · SKILL.md

Security highlights

Code has error handling with try-catch blocks
Temporary directories are cleaned up after analysis
Includes timeout protection for git clone (60000ms) and API calls (60000ms)
No evidence of reverse shell, C2 communication, or deliberate data exfiltration to attacker-controlled infrastructure