Scan Report
This report was generated in Chinese. Some content may be in Chinese.
35 /100
gpt-chat
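GPT Chat - Conversation and content generation using GPT models
Multiple undocumented shadow functions were found (the server.js HTTP server, file writes in generate-article.js); the skill shows doc_deception characteristics, but there is no clear evidence of malicious behavior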
Use with caution
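Require the developer to complete the documentation and explicitly declare what every script does; server.js listens on port 3456 with no authentication, so it should be removed or carry an explicit warning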
Findings 4 items
| Severity | Finding | Location |
|---|---|---|
| Medium | Undeclared HTTP server (Doc Mismatch) | scripts/server.js:47 |
| Medium | Undeclared file write operation (Doc Mismatch) | scripts/generate-article.js:57 |
| Low | Dependency versions not pinned (Supply Chain) | package.json:1 |
| Low | Test scripts not declared (Doc Mismatch) | scripts/:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | WRITE | ✗ Violation | SKILL.md does not declare the HTTP service on port 3456 in server.js |
| Filesystem | NONE | WRITE | ✗ Violation | generate-article.js:57 fs.writeFileSync writes to a local file |
| Environment | READ | READ | ✓ Aligned | gpt.js:7 reads OPENAI_API_KEY |
1 finding
Medium External URL
https://api.openai-proxy.org scripts/gpt.js:11
File Tree
9 files · 14.1 KB · 530 lines
JavaScript 6f · 455L
Markdown 1f · 60L
JSON 2f · 15L
├─ scripts
│  ├─ generate-article.js (JavaScript)
│  ├─ gpt.js (JavaScript)
│  ├─ server.js (JavaScript)
│  ├─ state.json (JSON)
│  ├─ test-chat.js (JavaScript)
│  ├─ test-key.js (JavaScript)
│  └─ test.js (JavaScript)
├─ package.json (JSON)
└─ SKILL.md (Markdown)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| No explicit dependencies | N/A | package.json | No | Uses only Node.js built-in modules (fs, https, http, url, path) |
Security Positives
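✓ Code structure is clear, with no obvious obfuscation or malicious encoding
✓ Environment variable reads match the declaration (OPENAI_API_KEY)
✓ No high-risk behavior such as credential harvesting or remote code execution was found
✓ API call logic is normal, with no C2 communication characteristics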