中文 EN

Scan Report

Scan New Files

High Risk — Risk Score 75/100
Last scan:19 hr ago Rescan
75 /100
boss-ai-assistant
Boss直聘AI助理,自动监控未读消息、AI智能回复、自动发送简历、自动同意交换微信
This Boss直聘 automation script contains multiple critical security issues: hardcoded API credentials, external IP communication for data exfiltration, self-update from untrusted server, and undeclared behaviors.
Skill Nameboss-ai-assistant
Duration49.7s
Enginepi
Do not install this skill
Do not deploy. Requires complete rewrite with environment-based configuration, removal of hardcoded credentials, server-side data handling, and removal of self-update mechanism.

Attack Chain 5 steps

Entry User installs script from documentation
SKILL.md:14
Escalation Script extracts all HR conversations and personal data
scripts/boss_ai_assistant.js:130
Escalation Data POSTed to external IP without consent
scripts/boss_ai_assistant.js:130
Escalation External server can serve malicious update via updateURL
scripts/boss_ai_assistant.js:15
Impact Hardcoded API keys enable unauthorized resource usage
scripts/boss_ai_assistant.js:28

Findings 8 items

Severity Finding Location
Critical
Hardcoded DashScope API Key Credential Theft
Real API key for Alibaba DashScope service is hardcoded in CONFIG object, allowing unauthorized API usage by anyone with access to the script.
apiKey: 'sk-22118c56659647e39ba847253e671062'
→ Move API key to environment variables or user configuration prompt, never hardcode in source.
 scripts/boss_ai_assistant.js:28
Critical
Hardcoded Google Search API Key Credential Theft
Google Custom Search API key is hardcoded, enabling unauthorized search quota consumption.
googleApiKey: '1c58b249fc64bd1183c1075c8a9f81e142d197096c384ffe0e3bc096932c8847'
→ Use user-configured API key or OAuth flow.
 scripts/boss_ai_assistant.js:36
Critical
All Conversations Exfiltrated to External IP Data Exfil
Every HR conversation including personal job search data, contact info, and messages is sent to http://121.199.76.208/hr_api.php without explicit user consent or encryption.
url: `${CONFIG.apiBaseUrl}?action=save_message`
→ Do not exfiltrate data to external servers. Use localStorage or user-provided server.
 scripts/boss_ai_assistant.js:130
Critical
Self-Update from Untrusted External IP Supply Chain
Script defines updateURL and downloadURL pointing to http://121.199.76.208/boss_auto_greet.user.js, allowing remote code injection if server is compromised.
@updateURL    http://121.199.76.208/boss_auto_greet.user.js
→ Remove external update mechanism or use signed updates from trusted source.
 scripts/boss_ai_assistant.js:15
High
Personal Contact Information Hardcoded Sensitive Access
Phone number (18611101221) and email ([email protected]) of the operator are hardcoded in RESUME object.
phone: '18611101221', email: '[email protected]'
→ Move to user configuration file.
 scripts/boss_ai_assistant.js:45
High
Undeclared External Server Communication Doc Mismatch
SKILL.md does not mention communication with http://121.199.76.208 server or data storage on external database. Users are unaware their conversations are being sent elsewhere.
聊天记录存服务器数据库
→ Document all external data flows and obtain informed consent from users.
 SKILL.md:1
High
Undeclared Automated Actions Doc Mismatch
Script automatically clicks 'agree' buttons for wechat exchange and resume requests without per-message user confirmation. This bypasses user intent verification.
agreeBtn.click();
→ Declare automatic agreement behavior or require user confirmation for each action.
 scripts/boss_ai_assistant.js:199
Medium
Bark Push Notification with Embedded Key Sensitive Access
Bark notification URL contains embedded device key, potentially exposing push channel.
barkUrl: 'https://api.day.app/BMtjb8EnZjV6qsRH4pgaqY/'
→ Make Bark URL configurable per user.
 scripts/boss_ai_assistant.js:29
ResourceDeclaredInferredStatusEvidence
Network NONE WRITE ✗ Violation scripts/boss_ai_assistant.js:517 - POSTs to external APIs
Browser NONE WRITE ✗ Violation scripts/boss_ai_assistant.js:199-229 - Auto-clicks agree buttons
1 Critical 3 High 15 findings
🔑
Critical API Key 硬编码 API 密钥
sk-22118c56659647e39ba847253e671062
scripts/boss_ai_assistant.js:28
📡
High IP Address 硬编码 IP 地址
121.199.76.208
scripts/boss_ai_assistant.js:13
🔑
High API Key 疑似硬编码凭证
apiKey: 'sk-22118c56659647e39ba847253e671062'
scripts/boss_ai_assistant.js:28
🔑
High API Key 疑似硬编码凭证
ApiKey: '1c58b249fc64bd1183c1075c8a9f81e142d197096c384ffe0e3bc096932c8847'
scripts/boss_ai_assistant.js:36
🔗
Medium External URL 外部 URL
https://www.zhipin.com/web/geek/chat*
SKILL.md:29
🔗
Medium External URL 外部 URL
https://dashscope.console.aliyun.com/
references/config.md:8
🔗
Medium External URL 外部 URL
https://programmablesearchengine.google.com/
references/config.md:14
🔗
Medium External URL 外部 URL
https://api.day.app/
references/config.md:19
🔗
Medium External URL 外部 URL
http://tampermonkey.net/
scripts/boss_ai_assistant.js:3
🔗
Medium External URL 外部 URL
https://www.google.com/s2/favicons?sz=64&domain=zhipin.com
scripts/boss_ai_assistant.js:8
🔗
Medium External URL 外部 URL
http://121.199.76.208/boss_auto_greet.user.js
scripts/boss_ai_assistant.js:15
🔗
Medium External URL 外部 URL
https://api.day.app/BMtjb8EnZjV6qsRH4pgaqY/
scripts/boss_ai_assistant.js:29
🔗
Medium External URL 外部 URL
http://121.199.76.208/hr_api.php
scripts/boss_ai_assistant.js:35
🔗
Medium External URL 外部 URL
https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions
scripts/boss_ai_assistant.js:517
📧
Info Email 邮箱地址
[email protected]
scripts/boss_ai_assistant.js:46

File Tree

3 files · 38.8 KB · 999 lines
JavaScript 1f · 899L Markdown 2f · 100L
├─ 📁 references
│ └─ 📝 config.md Markdown 57L · 1.2 KB
├─ 📁 scripts
│ └─ 📜 boss_ai_assistant.js JavaScript 899L · 36.4 KB
└─ 📝 SKILL.md Markdown 43L · 1.2 KB

Security Positives

✓ Script functionality matches stated purpose (Boss直聘 automation)
✓ No direct code obfuscation (base64, eval patterns not found)
✓ Uses standard Tampermonkey/ScriptCat API for cross-origin requests
✓ MutationObserver implementation is standard browser automation technique