中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 5/100
Last scan:16 hr ago Rescan
5 /100
ai-shifu-course-creator
Convert raw course material into optimized MarkdownFlow teaching scripts and deploy them as live AI-Shifu courses through a five-phase pipeline
A legitimate AI-Shifu course-authoring and deployment skill with no malicious behavior; all network IOCs resolve to the documented AI-Shifu platform, shell usage is declared for Phase 5 deployment, and no credential harvesting or data exfiltration is present.
Skill Nameai-shifu-course-creator
Duration63.9s
Enginepi
Safe to install
Consider explicitly listing shell:WRITE in the capability interface for Phase 5 CLI commands. No blocks needed.

Findings 2 items

Severity Finding Location
Low
Shell execution undeclared in skill interface Priv Escalation
The skill interface section does not list shell:WRITE, yet Phase 5 deployment documented in SKILL.md requires running CLI commands (python3 scripts/shifu-cli.py build/import/publish). This is a documentation gap rather than hidden behavior.
Use these optional controls across all phases
→ Add shell:WRITE to the allowed-tools mapping or document CLI invocation as a prerequisite in the Phase 5 section
 SKILL.md:464
Low
Network capability inferred as WRITE but declared as READ Doc Mismatch
SKILL.md implies read-only API access, but shifu-cli.py performs full CRUD operations (POST/PUT/DELETE) against the platform. This is expected behavior for a deployment tool but not reflected in the resource declaration.
Always use CLI commands. Never make raw HTTP/API calls directly.
→ Consider declaring network:WRITE for Phase 5 operations or clarify the resource model distinction between the skill's LLM reasoning and the CLI execution layer
 SKILL.md:483
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned shifu-cli.py reads course directories and lesson files for build/import
Network READ WRITE ✓ Aligned shifu-cli.py makes POST/PUT/DELETE API calls to app.ai-shifu.cn; SKILL.md line ~…
Shell NONE WRITE ✓ Aligned SKILL.md Phase 5 requires running 'python3 scripts/shifu-cli.py build --course-d…
Environment NONE READ ✓ Aligned Reads SHIFU_TOKEN and SHIFU_BASE_URL from .env via python-dotenv, scoped to own …
Skill Invoke NONE NONE No inter-skill invocation observed
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No direct database access
9 findings
🔗
Medium External URL 外部 URL
https://app.ai-shifu.cn/shifu/
SKILL.md:492
🔗
Medium External URL 外部 URL
https://app.ai-shifu.com/shifu/
SKILL.md:492
🔗
Medium External URL 外部 URL
https://app.ai-shifu.cn/c/
SKILL.md:493
🔗
Medium External URL 外部 URL
https://app.ai-shifu.com/c/
SKILL.md:493
🔗
Medium External URL 外部 URL
https://app.ai-shifu.cn/shifu/abc123-def456
examples/end-to-end-deploy.md:67
🔗
Medium External URL 外部 URL
https://app.ai-shifu.cn/c/abc123-def456?preview=true
examples/end-to-end-deploy.md:68
🔗
Medium External URL 外部 URL
https://app.ai-shifu.cn/c/abc123-def456?preview=true&lessonid=
examples/end-to-end-deploy.md:69
🔗
Medium External URL 外部 URL
https://app.ai-shifu.cn
references/cli-reference.md:21
🔗
Medium External URL 外部 URL
https://app.ai-shifu.com
references/cli-reference.md:21

File Tree

28 files · 142.4 KB · 3785 lines
Markdown 24f · 2113L Python 1f · 1126L HTML 1f · 340L JSON 1f · 202L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 361 B
├─ 📁 evals
│ ├─ 📁 trigger
│ │ ├─ 📝 trigger_eval_design.md Markdown 65L · 3.0 KB
│ │ └─ 📋 trigger_eval.json JSON 202L · 10.5 KB
│ └─ 📄 trigger_eval_report.html HTML 340L · 23.5 KB
├─ 📁 examples
│ ├─ 📝 deploy-only.md Markdown 55L · 1.3 KB
│ ├─ 📝 end-to-end-deploy.md Markdown 75L · 1.8 KB
│ ├─ 📝 fallback-mode.md Markdown 130L · 2.8 KB
│ ├─ 📝 generation-only.md Markdown 98L · 2.1 KB
│ ├─ 📝 optimization-only.md Markdown 100L · 2.4 KB
│ ├─ 📝 pipeline-full.md Markdown 111L · 2.6 KB
│ └─ 📝 segmentation-only.md Markdown 104L · 2.6 KB
├─ 📁 references
│ ├─ 📝 cli-reference.md Markdown 113L · 4.6 KB
│ ├─ 📝 cognitive-techniques.md Markdown 22L · 607 B
│ ├─ 📝 course-directory-spec.md Markdown 52L · 1.9 KB
│ ├─ 📝 import-json-format.md Markdown 41L · 1.2 KB
│ ├─ 📝 input-contract.md Markdown 85L · 2.2 KB
│ ├─ 📝 language-resolution.md Markdown 25L · 809 B
│ ├─ 📝 lesson-template.md Markdown 37L · 1.1 KB
│ ├─ 📝 markdownflow-spec.md Markdown 31L · 642 B
│ ├─ 📝 optimization-methodology.md Markdown 25L · 599 B
│ ├─ 📝 output-contract.md Markdown 102L · 2.3 KB
│ ├─ 📝 preservation-rules.md Markdown 23L · 548 B
│ ├─ 📝 report-template.md Markdown 115L · 2.3 KB
│ ├─ 📝 review-checklist.md Markdown 24L · 632 B
│ ├─ 📝 segmentation-rules.md Markdown 41L · 1.1 KB
│ └─ 📝 teaching-patterns.md Markdown 24L · 551 B
├─ 📁 scripts
│ └─ 🐍 shifu-cli.py Python 1126L · 44.2 KB
└─ 📝 SKILL.md Markdown 615L · 24.2 KB

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
requests * pip No Version not pinned; standard HTTP library with no RCE vectors in this usage
python-dotenv * pip No Version not pinned; used only for local .env management with restricted file mode

Security Positives

✓ No credential harvesting: token is stored only in the skill's own .env file via python-dotenv with 0o600 permissions
✓ Path traversal protection: safe_join_path() uses realpath + prefix check before any file read/write
✓ No external IP connections beyond the documented AI-Shifu platform domains (app.ai-shifu.cn, app.ai-shifu.com)
✓ No base64 encoding, eval(), or obfuscated code execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env beyond own scope)
✓ No supply chain risks: requests and python-dotenv are well-maintained, pinned dependencies
✓ All 9 network IOCs are legitimate AI-Shifu platform URLs confirmed by pre-scan
✓ SMS login flow is clearly scoped to the course platform with no hidden data transmission
✓ Optimistic locking implemented for lesson updates to prevent race conditions
✓ Comprehensive eval suite (40 cases, 98% accuracy) confirms the skill behaves as documented