Skill Trust Decision

gequhai-music

Skill contains hardcoded Synology credentials and base64 obfuscation for download URLs without full disclosure in documentation, presenting significant security risks for credential exposure and unauthorized NAS access.

Install decision first
Source: Manual upload · Scanned: Apr 5, 2026
Files 16
Artifacts 5
Violations 1
Findings 5
Most direct threat evidence
High Credential Theft
Hardcoded Synology password not declared in documentation

Synology NAS password 'Xx654321' is hardcoded in scripts/gequhai_crawler.py line 215. SKILL.md only mentions username 'xiaoai' but does not disclose the password. This exposes credentials that could be extracted and reused for unauthorized NAS access.

scripts/gequhai_crawler.py:215

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

5 dependency or supply-chain issues need attention.

What drove the risk score up

Hardcoded credentials (undisclosed) +25

Synology password 'Xx654321' hardcoded in scripts/gequhai_crawler.py:215 - not declared in SKILL.md

Base64 obfuscation +10

Custom base64 encoding (#→H, %→S) used for high-quality download URLs - obfuscation without documented reason

Local network access to NAS +5

Skill can execute file operations on Synology NAS at 192.168.123.223:5000

No malicious exfiltration detected -10

Credentials are used only for legitimate NAS access, not exfiltrated

Service auto-registration +5

Auto-registers to Skill Gateway at configurable URL

Most important evidence

High Credential Theft

Hardcoded Synology password not declared in documentation

Synology NAS password 'Xx654321' is hardcoded in scripts/gequhai_crawler.py line 215. SKILL.md only mentions username 'xiaoai' but does not disclose the password. This exposes credentials that could be extracted and reused for unauthorized NAS access.

scripts/gequhai_crawler.py:215
Use environment variables or secure credential storage. Declare credential usage in SKILL.md if intentional.

Medium Obfuscation

Base64 obfuscation for download URLs

The decode_modified_base64() function uses custom base64 encoding where # is replaced with H and % is replaced with S. While used for legitimate music download URLs, this obfuscation pattern is suspicious and could hide malicious payloads.

scripts/gequhai_crawler.py:52
If this is for legitimate URL encoding, document the scheme in SKILL.md. Consider using standard base64 if possible.

Medium Doc Mismatch

Undeclared filesystem write capability

SKILL.md declares network capabilities but the skill also writes to local data/ directory (music_cache.json, rename_queue.json) and performs file operations on Synology NAS (rename, move files). These filesystem WRITE operations are not documented.

scripts/gequhai_crawler.py:30
Document all filesystem operations in SKILL.md, including data/ directory writes and Synology file operations.

Low Priv Escalation

Auto-registration to configurable gateway URL

The FastAPI service auto-registers to a Skill Gateway at a URL controlled by environment variable SKILL_GATEWAY_URL. While this is a common pattern, it could be abused if the environment variable is compromised.

service/main.py:135
Verify the gateway URL is from a trusted source and consider hardcoding known-good gateway addresses.

Info Sensitive Access

Hardcoded local network IP address

Synology NAS IP address 192.168.123.223 is hardcoded. While this is declared in SKILL.md, hardcoded internal IPs are generally not recommended.

scripts/gequhai_crawler.py:211
Consider using environment variable for the NAS host address to support different deployment environments.

Declared capability vs actual capability

Network · Pass · Declared READ · Inferred READ · Makes HTTP requests to gequhai.com
Shell · Pass · Declared NONE · Inferred NONE · No subprocess/shell execution detected
Filesystem · Block · Declared NONE · Inferred WRITE · Writes to data/ directory and Synology NAS
Database · Pass · Declared NONE · Inferred NONE · No database access

Suspicious artifacts and egress

High IP Address
120.0.0.0

scripts/gequhai_crawler.py:30

Medium External URL
https://www.gequhai.com/

SKILL.md:26

Medium External URL
https://pan.quark.cn/s/276fd9172e63

data/download_info.json:30

Medium External URL
https://lv-sycdn.kuwo.cn/2d44367307dca6de508dc3d6437ca393/69b35b17/resource/30106/trackmedia/M500002eyjaI0NYQfW.mp3

data/download_info.json:31

Medium External URL
https://www.gequhai.com

scripts/gequhai_crawler.py:20

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
requests | >=2.32.0 | requirements.txt | No | Pinned minimum version
beautifulsoup4 | * | gequhai_crawler.py | No | Imported but not in requirements
fastapi | >=0.115.0 | requirements.txt | No | Pinned minimum version
uvicorn | >=0.32.0 | requirements.txt | No | Pinned minimum version
httpx | >=0.27.0 | requirements.txt | No | Pinned minimum version

File composition

16 files · 1987 lines
Python 10 files · 1626 lines
JSON 4 files · 224 lines
Markdown 1 file · 133 lines
Text 1 file · 4 lines
Files of concern · 4
scripts/gequhai_crawler.py Python · 925 lines
Hardcoded Synology password not declared in documentation · Base64 obfuscation for download URLs · Undeclared filesystem write capability · Hardcoded local network IP address · 120.0.0.0 · https://www.gequhai.com
service/main.py Python · 209 lines
Auto-registration to configurable gateway URL
SKILL.md Markdown · 133 lines
https://www.gequhai.com/
data/download_info.json JSON · 32 lines
https://pan.quark.cn/s/276fd9172e63 · https://lv-sycdn.kuwo.cn/2d44367307dca6de508dc3d6437ca393/69b35b17/resource/30106/trackmedia/M500002eyjaI0NYQfW.mp3
Other files · search_download.py · ranking.json · get_ranking.py · get_ranking_file.py · get_ranking_json.py · search_jj_new.py +2

Security positives

No evidence of credential exfiltration - credentials used only for legitimate NAS access
No reverse shell, C2 communication, or data theft behavior detected
API authentication key is properly documented in SKILL.md
Uses standard HTTP libraries (requests, httpx) without suspicious patterns
No attempts to access sensitive paths like ~/.ssh, ~/.aws, or .env files
No curl|bash or wget|sh remote script execution patterns