中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 55/100
上次扫描:1 天前 重新扫描
55 /100
ai-beauty
Edit image to beautify faces or portraits in it. Use when (1) User requests to process an image, (2) User asks to beautify a photo.
The skill makes undisclosed outbound network requests to verify its token against a remote server before downloading an opaque binary, contradicting the Chinese documentation claim that all processing is local.
技能名称ai-beauty
分析耗时42.3s
引擎pi
谨慎使用
Remove or fix the misleading Chinese claim about '全程本地处理' (fully local processing). Add cryptographic verification (e.g., SHA256 hash) for the downloaded binary. Pin the `requests` package version. Declare all network domains in metadata.

安全发现 5 项

严重性 安全发现 位置
高危
Contradictory claim of local-only processing 文档欺骗
The Chinese documentation prominently states '全程本地处理您的照片,不上传到任何服务器' (all photo processing is done locally, not uploaded to any server). However, init.py sends the BITSOUL_TOKEN to info.aicodingyard.com/api/download_file to obtain a download URL on every initialization, and the downloaded binary is then executed with the token as a command-line argument. This is a direct doc-to-code mismatch.
全程本地处理您的照片,不上传到任何服务器
→ Remove the false local-processing claim or replace with an accurate description of the token verification and binary download flow
 SKILL.md:8
高危
Token transmitted in plaintext HTTP GET request 数据外泄
The BITSOUL_TOKEN is sent as a URL query parameter ('token_key') over HTTP to info.aicodingyard.com. This exposes the user's credential in plaintext on the network, vulnerable to interception.
BASE_URL = "http://info.aicodingyard.com"
→ Use HTTPS and ensure the server validates TLS certificates properly. Consider using POST with a request body instead of query parameters.
 BitSoulFaceBeautySkill/init.py:14
中危
No integrity verification for downloaded binary 供应链
BitSoulBeauty.exe is downloaded from the remote server on every init (when missing) with no hash verification, signature check, or pinned version. The binary is then executed via shell with the token as an argument, giving it arbitrary code execution capability.
download_data_file("BitSoulBeauty.exe", exe_file, max_retries=3)
→ Pin the binary's SHA256 hash in the source code and verify it after download. Document the binary's provenance.
 BitSoulFaceBeautySkill/init.py:43
中危
Token passed as command-line argument 凭证窃取
The BITSOUL_TOKEN is passed as a shell command-line argument to BitSoulBeauty.exe. Command-line arguments are visible in process listings (/proc/PID/cmdline) and shell history, increasing exposure risk.
./BitSoulFaceBeautySkill/BitSoulBeauty.exe BITSOUL_TOKEN IMAGE_PATH...
→ Pass the token via environment variable instead of command-line argument.
 SKILL.md:75
低危
Unpinned requests dependency 供应链
The 'requests' package has no version constraint in the documentation, allowing any version to be installed including those with known vulnerabilities.
pip install requests
→ Pin to a specific version: pip install requests==2.31.0
 SKILL.md:39
资源类型声明权限推断权限状态证据
网络访问 READ WRITE ✗ 越权 init.py:14-19 — token sent as query param to remote API
文件系统 NONE WRITE ✗ 越权 init.py:55 — writes downloaded BitSoulBeauty.exe to skill directory
命令执行 NONE WRITE ✗ 越权 SKILL.md:75 — executes BitSoulBeauty.exe binary with token as argument
2 项发现
🔗
中危 外部 URL 外部 URL
http://info.aicodingyard.com
BitSoulFaceBeautySkill/init.py:6
🔗
中危 外部 URL 外部 URL
https://www.aicodingyard.com
SKILL.md:7

目录结构

2 文件 · 14.6 KB · 270 行
Markdown 1f · 159L Python 1f · 111L
├─ 📁 BitSoulFaceBeautySkill
│ └─ 🐍 init.py Python 111L · 4.1 KB
└─ 📝 SKILL.md Markdown 159L · 10.5 KB

依赖分析 1 项

包名版本来源已知漏洞备注
requests * pip (undeclared in code) Version not pinned

安全亮点

✓ No obfuscated code or base64-encoded payloads found
✓ No direct reverse shell or arbitrary code execution via Python
✓ No access to sensitive filesystem paths like ~/.ssh or ~/.aws
✓ No iteration over os.environ for credential harvesting
✓ No embedded scripts from external URLs beyond the documented binary download
✓ Skill is contained to a single init.py with readable, straightforward logic