安全决策报告
boss-ai-assistant
This Boss直聘 automation script contains multiple critical security issues: hardcoded API credentials, external IP communication for data exfiltration, self-update from untrusted server, and undeclared behaviors.
最直接的威胁证据
严重 凭证窃取
Hardcoded DashScope API Key Real API key for Alibaba DashScope service is hardcoded in CONFIG object, allowing unauthorized API usage by anyone with access to the script.
scripts/boss_ai_assistant.js:28 为什么得出这个结论
3/4 个维度触发 阻止
声明与实际能力
发现 2 项声明之外的能力或越权行为。
阻止
隐藏执行与外联
提取到 4 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 5 步攻击链,另有 7 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
攻击链
01
User installs script from documentation
初始入口 · SKILL.md:14
02
Script extracts all HR conversations and personal data
权限提升 · scripts/boss_ai_assistant.js:130
03
Data POSTed to external IP without consent
权限提升 · scripts/boss_ai_assistant.js:130
04
External server can serve malicious update via updateURL
权限提升 · scripts/boss_ai_assistant.js:15
05
Hardcoded API keys enable unauthorized resource usage
最终危害 · scripts/boss_ai_assistant.js:28
风险分是怎么被拉高的
Hardcoded DashScope API key +20
Real API key 'sk-22118c56659647e39ba847253e671062' exposed at line 28
Hardcoded Google API key +15
Google Search API key '1c58b249fc64bd...' exposed at line 36
External IP data exfiltration +20
All HR conversations sent to http://121.199.76.208/hr_api.php without user consent
Self-update from external server +15
updateURL/downloadURL points to untrusted IP, could serve malicious code
Undeclared auto-agreements +10
Auto-agrees to wechat/resume exchange without explicit user action per message
Personal data in code +5
Phone, email, name hardcoded in RESUME object
最关键的证据
严重 凭证窃取
Hardcoded DashScope API Key
Real API key for Alibaba DashScope service is hardcoded in CONFIG object, allowing unauthorized API usage by anyone with access to the script.
scripts/boss_ai_assistant.js:28 Move API key to environment variables or user configuration prompt, never hardcode in source.
严重 凭证窃取
Hardcoded Google Search API Key
Google Custom Search API key is hardcoded, enabling unauthorized search quota consumption.
scripts/boss_ai_assistant.js:36 Use user-configured API key or OAuth flow.
严重 数据外泄
All Conversations Exfiltrated to External IP
Every HR conversation including personal job search data, contact info, and messages is sent to http://121.199.76.208/hr_api.php without explicit user consent or encryption.
scripts/boss_ai_assistant.js:130 Do not exfiltrate data to external servers. Use localStorage or user-provided server.
严重 供应链
Self-Update from Untrusted External IP
Script defines updateURL and downloadURL pointing to http://121.199.76.208/boss_auto_greet.user.js, allowing remote code injection if server is compromised.
scripts/boss_ai_assistant.js:15 Remove external update mechanism or use signed updates from trusted source.
高危 敏感访问
Personal Contact Information Hardcoded
Phone number (18611101221) and email ([email protected]) of the operator are hardcoded in RESUME object.
scripts/boss_ai_assistant.js:45 Move to user configuration file.
高危 文档欺骗
Undeclared External Server Communication
SKILL.md does not mention communication with http://121.199.76.208 server or data storage on external database. Users are unaware their conversations are being sent elsewhere.
SKILL.md:1 Document all external data flows and obtain informed consent from users.
高危 文档欺骗
Undeclared Automated Actions
Script automatically clicks 'agree' buttons for wechat exchange and resume requests without per-message user confirmation. This bypasses user intent verification.
scripts/boss_ai_assistant.js:199 Declare automatic agreement behavior or require user confirmation for each action.
中危 敏感访问
Bark Push Notification with Embedded Key
Bark notification URL contains embedded device key, potentially exposing push channel.
scripts/boss_ai_assistant.js:29 Make Bark URL configurable per user.
声明能力 vs 实际能力
网络访问 阻止
声明 NONE
→ 推断 WRITE
scripts/boss_ai_assistant.js:517 - POSTs to external APIs 浏览器 阻止
声明 NONE
→ 推断 WRITE
scripts/boss_ai_assistant.js:199-229 - Auto-clicks agree buttons 可疑产物与外联
严重 API 密钥
sk-22118c56659647e39ba847253e671062 scripts/boss_ai_assistant.js:28
高危 IP 地址
121.199.76.208 scripts/boss_ai_assistant.js:13
高危 API 密钥
apiKey: 'sk-22118c56659647e39ba847253e671062' scripts/boss_ai_assistant.js:28
高危 API 密钥
ApiKey: '1c58b249fc64bd1183c1075c8a9f81e142d197096c384ffe0e3bc096932c8847' scripts/boss_ai_assistant.js:36
中危 外部 URL
https://www.zhipin.com/web/geek/chat* SKILL.md:29
中危 外部 URL
https://dashscope.console.aliyun.com/ references/config.md:8
中危 外部 URL
https://programmablesearchengine.google.com/ references/config.md:14
中危 外部 URL
https://api.day.app/ references/config.md:19
中危 外部 URL
http://tampermonkey.net/ scripts/boss_ai_assistant.js:3
中危 外部 URL
https://www.google.com/s2/favicons?sz=64&domain=zhipin.com scripts/boss_ai_assistant.js:8
中危 外部 URL
http://121.199.76.208/boss_auto_greet.user.js scripts/boss_ai_assistant.js:15
中危 外部 URL
https://api.day.app/BMtjb8EnZjV6qsRH4pgaqY/ scripts/boss_ai_assistant.js:29
依赖与供应链
没有结构化依赖告警。
文件构成
3 个文件 · 999 行
JavaScript 1 个文件 · 899 行Markdown 2 个文件 · 100 行
需关注文件 · 3
scripts/boss_ai_assistant.js Hardcoded DashScope API Key · Hardcoded Google Search API Key · All Conversations Exfiltrated to External IP · Self-Update from Untrusted External IP · Personal Contact Information Hardcoded · Undeclared Automated Actions · Bark Push Notification with Embedded Key · sk-22118c56659647e39ba847253e671062 · 121.199.76.208 · apiKey: 'sk-22118c56659647e39ba847253e671062' · ApiKey: '1c58b249fc64bd1183c1075c8a9f81e142d197096c384ffe0e3bc096932c8847' · http://tampermonkey.net/ · https://www.google.com/s2/favicons?sz=64&domain=zhipin.com · http://121.199.76.208/boss_auto_greet.user.js · https://api.day.app/BMtjb8EnZjV6qsRH4pgaqY/ · http://121.199.76.208/hr_api.php · https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions · [email protected]
SKILL.md Undeclared External Server Communication · https://www.zhipin.com/web/geek/chat*
references/config.md https://dashscope.console.aliyun.com/ · https://programmablesearchengine.google.com/ · https://api.day.app/
安全亮点
Script functionality matches stated purpose (Boss直聘 automation)
No direct code obfuscation (base64, eval patterns not found)
Uses standard Tampermonkey/ScriptCat API for cross-origin requests
MutationObserver implementation is standard browser automation technique