Skill Trust Decision
risk-analysis
Skill declares video/image risk analysis but contains undeclared MySQL database connectivity with hardcoded credentials, fallback hardcoded JWT tokens in source code, and connects to an internal IP (172.31.16.2) — all missing from SKILL.md documentation.
Most direct threat evidence
High Credential Theft
Hardcoded MySQL credentials in config.yaml The file skills/scripts/common/config.yaml contains a hardcoded database connection string with plaintext username 'admin' and password 'Smyx2025@db' pointing to internal IP 172.31.16.2. These credentials are not read from environment variables and are present in the skill package.
skills/scripts/common/config.yaml:4 Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 4 severe findings.
Review
Dependencies and supply chain hygiene
7 dependency or supply-chain issues need attention.
What drove the risk score up
Undeclared database connectivity +20
SKILL.md does not mention database:WRITE; skills/scripts/common/dao.py connects to MySQL via SQLAlchemy with no mention in docs
Hardcoded credentials in config files +15
skills/scripts/common/config.yaml exposes admin:Smyx2025@[email protected]; config-dev.yaml exposes remoteuser with special-char password
Hardcoded Feishu credentials +10
Feishu app-id and app-secret hardcoded in config.yaml (cli_a93d769369badcb1 / zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r)
Hardcoded fallback JWT tokens +5
util.py:217 contains hardcoded JWT bearer tokens as fallback in _get_or_create_user exception handler
Internal IP hardcoded +5
172.31.16.2 hardcoded as database host; connects to internal infrastructure without declaration
No dependency pinning +3
requirements.txt has unpinned versions across ~90 packages
Most important evidence
High Credential Theft
Hardcoded MySQL credentials in config.yaml
The file skills/scripts/common/config.yaml contains a hardcoded database connection string with plaintext username 'admin' and password 'Smyx2025@db' pointing to internal IP 172.31.16.2. These credentials are not read from environment variables and are present in the skill package.
skills/scripts/common/config.yaml:4 Move database credentials to environment variables or a secrets manager. Never ship credentials in config files within the skill package.
High Credential Theft
Hardcoded Feishu app credentials in config.yaml
Feishu (Lark) application ID and secret are hardcoded in config.yaml (feishu-app--id: cli_a93d769369badcb1, feishu-app--secret: zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r). If compromised, these could be used to send messages via the organization's Feishu workspace.
skills/scripts/common/config.yaml:10 Move Feishu credentials to environment variables.
High Credential Theft
Hardcoded JWT bearer tokens in exception handler fallback
util.py contains a _get_or_create_user() function with a hardcoded JWT token as a fallback in the exception handler (line ~217). While commented, the token structure (eyJ... base64) is readable and could be activated if the exception path is taken.
skills/scripts/common/util.py:217 Remove hardcoded JWT tokens entirely. Use proper credential management.
High Doc Mismatch
Undeclared MySQL database connectivity — SKILL.md mismatch
SKILL.md declares only filesystem:READ and network:READ for video/image analysis. However, the skill's dao.py connects to MySQL (database:WRITE) via SQLAlchemy using hardcoded credentials from config.yaml. This database access is completely absent from the SKILL.md documentation.
skills/scripts/common/dao.py:58 Declare all database resource access in SKILL.md with justification.
Medium Supply Chain
No dependency version pinning in requirements.txt
requirements.txt contains ~90 packages with unpinned versions (e.g., requests>=2.28.0, opencv-python>=4.5.5, numpy>=1.21.0, pillow>=9.0.0). This allows any version including vulnerable ones to be installed.
requirements.txt:1 Pin all dependencies to exact versions or tight ranges to ensure reproducible and secure builds.
Medium Priv Escalation
Undeclared environment variable reading for user identity
The skill reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID from os.environ to identify the user without declaring this in SKILL.md. This constitutes undeclared environment:READ access for user identity mapping.
skills/scripts/common/config.py:178 Declare environment variable access in SKILL.md resource section.
Medium Data Exfil
User token storage in external MySQL database — undeclared data sink
The dao.py User model stores user tokens (token, open_token fields) in an external MySQL database (172.31.16.2). The skill reads and writes these tokens during user authentication flows. The data destination (external MySQL) is not declared in SKILL.md.
skills/scripts/common/dao.py:232 Declare the external database as a data sink in SKILL.md with a data handling section.
Low Sensitive Access
Internal network IP (172.31.16.2) hardcoded
An internal VPC IP address (172.31.16.2) is hardcoded as the MySQL database host. While this limits direct external exploitability, it exposes internal infrastructure topology and could be weaponized in a lateral movement scenario.
skills/scripts/common/config.yaml:4 Use environment variable for the database host to avoid exposing internal IPs in packaged code.
Declared capability vs actual capability
Filesystem Pass
Declared READ
→ Inferred READ
SKILL.md: scripts/risk_analysis.py reads local files with os.path.exists, os.path.getsize Network Block
Declared READ
→ Inferred WRITE
SKILL.md does not declare network:WRITE; risk_analysis.py sends POST requests to external APIs; util.py POSTs to multiple external health APIs; dao.py connects to MySQL on 172.31.16.2 Database Block
Declared NONE
→ Inferred WRITE
SKILL.md declares no database access; dao.py uses SQLAlchemy to connect to MySQL at 172.31.16.2:3306 with hardcoded credentials Shell Pass
Declared NONE
→ Inferred NONE
No subprocess/shell execution found Environment Pass
Declared NONE
→ Inferred READ
config.py reads ALERT_FEISHU_WEBHOOK, RISK_ANALYSIS_API_KEY, RISK_ANALYSIS_API_URL; util.py reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID Clipboard Pass
Declared NONE
→ Inferred NONE
No clipboard access found Browser Pass
Declared NONE
→ Inferred NONE
No browser access found Skill Invoke Pass
Declared NONE
→ Inferred NONE
No dynamic skill invocation found Suspicious artifacts and egress
High IP Address
172.31.16.2 skills/scripts/common/config.yaml:4
Medium External URL
https://open.lifeemergence.com/smyx-open-api scripts/config.py:56
Medium External URL
http://livemonitortest.lifeemergence.com/smyx-open-api skills/scripts/common/config-dev.yaml:4
Medium External URL
https://healthtest.lifeemergence.com/jeecg-boot skills/scripts/common/config-dev.yaml:5
Medium External URL
http://192.168.1.234:8080/jeecg-boot skills/scripts/common/config-dev.yaml:6
Medium External URL
https://lifeemergence.com/jeecg-boot skills/scripts/common/config.yaml:6
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| requests | >=2.28.0 | pip | No | Version not pinned — minimum declared is 2.28.0, latest 2.32.5 may be installed |
| opencv-python | >=4.5.5 | pip | No | Version not pinned |
| numpy | >=1.21.0 | pip | No | Version not pinned |
| pillow | >=9.0.0 | pip | No | Version not pinned |
| SQLAlchemy | 2.0.46 | pip | No | Exact pinned version present in requirements.txt |
| PyMySQL | 1.1.2 | pip | No | Exact pinned version |
| pydash | 8.0.6 | pip | No | Exact pinned version; used for response extraction |
File composition
19 files · 1765 lines
Python 11 files · 1405 linesMarkdown 2 files · 200 linesText 1 files · 127 linesYAML 5 files · 33 lines
Files of concern · 7
skills/scripts/common/dao.py Undeclared MySQL database connectivity — SKILL.md mismatch · User token storage in external MySQL database — undeclared data sink
skills/scripts/common/util.py Hardcoded JWT bearer tokens in exception handler fallback
skills/scripts/common/config.py Undeclared environment variable reading for user identity
requirements.txt No dependency version pinning in requirements.txt
scripts/config.py https://open.lifeemergence.com/smyx-open-api
skills/scripts/common/config.yaml Hardcoded MySQL credentials in config.yaml · Hardcoded Feishu app credentials in config.yaml · Internal network IP (172.31.16.2) hardcoded · 172.31.16.2 · https://lifeemergence.com/jeecg-boot
skills/scripts/common/config-dev.yaml http://livemonitortest.lifeemergence.com/smyx-open-api · https://healthtest.lifeemergence.com/jeecg-boot · http://192.168.1.234:8080/jeecg-boot · [email protected]
Other files · risk_analysis.py · SKILL.md · api_service.py · risk_categories.md · skill.py
Security positives
No subprocess, shell execution, or direct OS command invocation found
No base64-encoded payloads or obfuscated execution
No ~/.ssh, ~/.aws, or .env file reading
No reverse shell, C2 communication patterns, or data theft to external IPs
No cron/persistence mechanisms or startup hooks detected
Skill follows a legitimate health monitoring use case (fall detection, risk analysis)
Input validation exists for file paths and URL formats
open-id enforcement is documented and implemented to prevent unauthorized analysis