中文 EN

扫描报告

扫描新文件

高风险 — 风险评分 75/100
上次扫描:19 小时前 重新扫描
75 /100
boss-ai-assistant
Boss直聘AI助理,自动监控未读消息、AI智能回复、自动发送简历、自动同意交换微信
This Boss直聘 automation script contains multiple critical security issues: hardcoded API credentials, external IP communication for data exfiltration, self-update from untrusted server, and undeclared behaviors.
技能名称boss-ai-assistant
分析耗时49.7s
引擎pi
不要安装此技能
Do not deploy. Requires complete rewrite with environment-based configuration, removal of hardcoded credentials, server-side data handling, and removal of self-update mechanism.

攻击链 5 步

入口 User installs script from documentation
SKILL.md:14
提权 Script extracts all HR conversations and personal data
scripts/boss_ai_assistant.js:130
提权 Data POSTed to external IP without consent
scripts/boss_ai_assistant.js:130
提权 External server can serve malicious update via updateURL
scripts/boss_ai_assistant.js:15
影响 Hardcoded API keys enable unauthorized resource usage
scripts/boss_ai_assistant.js:28

安全发现 8 项

严重性 安全发现 位置
严重
Hardcoded DashScope API Key 凭证窃取
Real API key for Alibaba DashScope service is hardcoded in CONFIG object, allowing unauthorized API usage by anyone with access to the script.
apiKey: 'sk-22118c56659647e39ba847253e671062'
→ Move API key to environment variables or user configuration prompt, never hardcode in source.
 scripts/boss_ai_assistant.js:28
严重
Hardcoded Google Search API Key 凭证窃取
Google Custom Search API key is hardcoded, enabling unauthorized search quota consumption.
googleApiKey: '1c58b249fc64bd1183c1075c8a9f81e142d197096c384ffe0e3bc096932c8847'
→ Use user-configured API key or OAuth flow.
 scripts/boss_ai_assistant.js:36
严重
All Conversations Exfiltrated to External IP 数据外泄
Every HR conversation including personal job search data, contact info, and messages is sent to http://121.199.76.208/hr_api.php without explicit user consent or encryption.
url: `${CONFIG.apiBaseUrl}?action=save_message`
→ Do not exfiltrate data to external servers. Use localStorage or user-provided server.
 scripts/boss_ai_assistant.js:130
严重
Self-Update from Untrusted External IP 供应链
Script defines updateURL and downloadURL pointing to http://121.199.76.208/boss_auto_greet.user.js, allowing remote code injection if server is compromised.
@updateURL    http://121.199.76.208/boss_auto_greet.user.js
→ Remove external update mechanism or use signed updates from trusted source.
 scripts/boss_ai_assistant.js:15
高危
Personal Contact Information Hardcoded 敏感访问
Phone number (18611101221) and email ([email protected]) of the operator are hardcoded in RESUME object.
phone: '18611101221', email: '[email protected]'
→ Move to user configuration file.
 scripts/boss_ai_assistant.js:45
高危
Undeclared External Server Communication 文档欺骗
SKILL.md does not mention communication with http://121.199.76.208 server or data storage on external database. Users are unaware their conversations are being sent elsewhere.
聊天记录存服务器数据库
→ Document all external data flows and obtain informed consent from users.
 SKILL.md:1
高危
Undeclared Automated Actions 文档欺骗
Script automatically clicks 'agree' buttons for wechat exchange and resume requests without per-message user confirmation. This bypasses user intent verification.
agreeBtn.click();
→ Declare automatic agreement behavior or require user confirmation for each action.
 scripts/boss_ai_assistant.js:199
中危
Bark Push Notification with Embedded Key 敏感访问
Bark notification URL contains embedded device key, potentially exposing push channel.
barkUrl: 'https://api.day.app/BMtjb8EnZjV6qsRH4pgaqY/'
→ Make Bark URL configurable per user.
 scripts/boss_ai_assistant.js:29
资源类型声明权限推断权限状态证据
网络访问 NONE WRITE ✗ 越权 scripts/boss_ai_assistant.js:517 - POSTs to external APIs
浏览器 NONE WRITE ✗ 越权 scripts/boss_ai_assistant.js:199-229 - Auto-clicks agree buttons
1 严重 3 高危 15 项发现
🔑
严重 API 密钥 硬编码 API 密钥
sk-22118c56659647e39ba847253e671062
scripts/boss_ai_assistant.js:28
📡
高危 IP 地址 硬编码 IP 地址
121.199.76.208
scripts/boss_ai_assistant.js:13
🔑
高危 API 密钥 疑似硬编码凭证
apiKey: 'sk-22118c56659647e39ba847253e671062'
scripts/boss_ai_assistant.js:28
🔑
高危 API 密钥 疑似硬编码凭证
ApiKey: '1c58b249fc64bd1183c1075c8a9f81e142d197096c384ffe0e3bc096932c8847'
scripts/boss_ai_assistant.js:36
🔗
中危 外部 URL 外部 URL
https://www.zhipin.com/web/geek/chat*
SKILL.md:29
🔗
中危 外部 URL 外部 URL
https://dashscope.console.aliyun.com/
references/config.md:8
🔗
中危 外部 URL 外部 URL
https://programmablesearchengine.google.com/
references/config.md:14
🔗
中危 外部 URL 外部 URL
https://api.day.app/
references/config.md:19
🔗
中危 外部 URL 外部 URL
http://tampermonkey.net/
scripts/boss_ai_assistant.js:3
🔗
中危 外部 URL 外部 URL
https://www.google.com/s2/favicons?sz=64&domain=zhipin.com
scripts/boss_ai_assistant.js:8
🔗
中危 外部 URL 外部 URL
http://121.199.76.208/boss_auto_greet.user.js
scripts/boss_ai_assistant.js:15
🔗
中危 外部 URL 外部 URL
https://api.day.app/BMtjb8EnZjV6qsRH4pgaqY/
scripts/boss_ai_assistant.js:29
🔗
中危 外部 URL 外部 URL
http://121.199.76.208/hr_api.php
scripts/boss_ai_assistant.js:35
🔗
中危 外部 URL 外部 URL
https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions
scripts/boss_ai_assistant.js:517
📧
提示 邮箱 邮箱地址
[email protected]
scripts/boss_ai_assistant.js:46

目录结构

3 文件 · 38.8 KB · 999 行
JavaScript 1f · 899L Markdown 2f · 100L
├─ 📁 references
│ └─ 📝 config.md Markdown 57L · 1.2 KB
├─ 📁 scripts
│ └─ 📜 boss_ai_assistant.js JavaScript 899L · 36.4 KB
└─ 📝 SKILL.md Markdown 43L · 1.2 KB

安全亮点

✓ Script functionality matches stated purpose (Boss直聘 automation)
✓ No direct code obfuscation (base64, eval patterns not found)
✓ Uses standard Tampermonkey/ScriptCat API for cross-origin requests
✓ MutationObserver implementation is standard browser automation technique