Security Decision Report

risk-analysis

Skill declares video/image risk analysis but contains undeclared MySQL database connectivity with hardcoded credentials, fallback hardcoded JWT tokens in source code, and connects to an internal IP (172.31.16.2) — all missing from SKILL.md documentation.

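Install decision first · Source: manual upload · Scan time: 2026/4/4
Files 19
IOC 7
Over-privileged items 2
Findings 8
Most direct threat evidence
High · Credential theft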
Hardcoded MySQL credentials in config.yaml

The file skills/scripts/common/config.yaml contains a hardcoded database connection string with plaintext username 'admin' and password 'Smyx2025@db' pointing to internal IP 172.31.16.2. These credentials are not read from environment variables and are present in the skill package.

skills/scripts/common/config.yaml:4

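Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or over-privileged behaviors beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 0-step attack chain, plus 4 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

Found 7 dependency or supply-chain leads that need attention.

How the risk score was raised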

Undeclared database connectivity +20

SKILL.md does not mention database:WRITE; skills/scripts/common/dao.py connects to MySQL via SQLAlchemy with no mention in docs

Hardcoded credentials in config files +15

skills/scripts/common/config.yaml exposes admin:Smyx2025@db@172.31.16.2; config-dev.yaml exposes remoteuser with special-char password

Hardcoded Feishu credentials +10

Feishu app-id and app-secret hardcoded in config.yaml (cli_a93d769369badcb1 / zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r)

Hardcoded fallback JWT tokens +5

util.py:217 contains hardcoded JWT bearer tokens as fallback in _get_or_create_user exception handler

Internal IP hardcoded +5

172.31.16.2 hardcoded as database host; connects to internal infrastructure without declaration

No dependency pinning +3

requirements.txt has unpinned versions across ~90 packages

Key evidence

High · Credential theft

Hardcoded MySQL credentials in config.yaml

The file skills/scripts/common/config.yaml contains a hardcoded database connection string with plaintext username 'admin' and password 'Smyx2025@db' pointing to internal IP 172.31.16.2. These credentials are not read from environment variables and are present in the skill package.

skills/scripts/common/config.yaml:4
Move database credentials to environment variables or a secrets manager. Never ship credentials in config files within the skill package.
High · Credential theft

Hardcoded Feishu app credentials in config.yaml

Feishu (Lark) application ID and secret are hardcoded in config.yaml (feishu-app--id: cli_a93d769369badcb1, feishu-app--secret: zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r). If compromised, these could be used to send messages via the organization's Feishu workspace.

skills/scripts/common/config.yaml:10
Move Feishu credentials to environment variables.
High · Credential theft

Hardcoded JWT bearer tokens in exception handler fallback

util.py contains a _get_or_create_user() function with a hardcoded JWT token as a fallback in the exception handler (line ~217). While commented, the token structure (eyJ... base64) is readable and could be activated if the exception path is taken.

skills/scripts/common/util.py:217
Remove hardcoded JWT tokens entirely. Use proper credential management.
High · Documentation deception

Undeclared MySQL database connectivity — SKILL.md mismatch

SKILL.md declares only filesystem:READ and network:READ for video/image analysis. However, the skill's dao.py connects to MySQL (database:WRITE) via SQLAlchemy using hardcoded credentials from config.yaml. This database access is completely absent from the SKILL.md documentation.

skills/scripts/common/dao.py:58
Declare all database resource access in SKILL.md with justification.
Medium · Supply chain

No dependency version pinning in requirements.txt

requirements.txt contains ~90 packages with unpinned versions (e.g., requests>=2.28.0, opencv-python>=4.5.5, numpy>=1.21.0, pillow>=9.0.0). This allows any version including vulnerable ones to be installed.

requirements.txt:1
Pin all dependencies to exact versions or tight ranges to ensure reproducible and secure builds.
Medium · Privilege escalation

Undeclared environment variable reading for user identity

The skill reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID from os.environ to identify the user without declaring this in SKILL.md. This constitutes undeclared environment:READ access for user identity mapping.

skills/scripts/common/config.py:178
Declare environment variable access in SKILL.md resource section.
Medium · Data exfiltration

User token storage in external MySQL database — undeclared data sink

The dao.py User model stores user tokens (token, open_token fields) in an external MySQL database (172.31.16.2). The skill reads and writes these tokens during user authentication flows. The data destination (external MySQL) is not declared in SKILL.md.

skills/scripts/common/dao.py:232
Declare the external database as a data sink in SKILL.md with a data handling section.
Low · Sensitive access

Internal network IP (172.31.16.2) hardcoded

An internal VPC IP address (172.31.16.2) is hardcoded as the MySQL database host. While this limits direct external exploitability, it exposes internal infrastructure topology and could be weaponized in a lateral movement scenario.

skills/scripts/common/config.yaml:4
Use environment variable for the database host to avoid exposing internal IPs in packaged code.

Declared capabilities vs. actual capabilities

Filesystem: Pass
Declared: READ
Inferred: READ
SKILL.md: scripts/risk_analysis.py reads local files with os.path.exists, os.path.getsize
Network access: Block
Declared: READ
Inferred: WRITE
SKILL.md does not declare network:WRITE; risk_analysis.py sends POST requests to external APIs; util.py POSTs to multiple external health APIs; dao.py connects to MySQL on 172.31.16.2
Database: Block
Declared: NONE
Inferred: WRITE
SKILL.md declares no database access; dao.py uses SQLAlchemy to connect to MySQL at 172.31.16.2:3306 with hardcoded credentials
Command execution: Pass
Declared: NONE
Inferred: NONE
No subprocess/shell execution found
Environment variables: Pass
Declared: NONE
Inferred: READ
config.py reads ALERT_FEISHU_WEBHOOK, RISK_ANALYSIS_API_KEY, RISK_ANALYSIS_API_URL; util.py reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID
Clipboard: Pass
Declared: NONE
Inferred: NONE
No clipboard access found
Browser: Pass
Declared: NONE
Inferred: NONE
No browser access found
Skill invocation: Pass
Declared: NONE
Inferred: NONE
No dynamic skill invocation found

Suspicious artifacts and outbound connections

High · IP address
172.31.16.2

skills/scripts/common/config.yaml:4

Medium · External URL
https://open.lifeemergence.com/smyx-open-api

scripts/config.py:56

Medium · External URL
http://livemonitortest.lifeemergence.com/smyx-open-api

skills/scripts/common/config-dev.yaml:4

Medium · External URL
https://healthtest.lifeemergence.com/jeecg-boot

skills/scripts/common/config-dev.yaml:5

Medium · External URL
http://192.168.1.234:8080/jeecg-boot

skills/scripts/common/config-dev.yaml:6

Medium · External URL
https://lifeemergence.com/jeecg-boot

skills/scripts/common/config.yaml:6

Info · Email
[email protected]

skills/scripts/common/config-dev.yaml:3

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
--- | --- | --- | --- | ---
requests | >=2.28.0 | pip | | Version not pinned — minimum declared is 2.28.0, latest 2.32.5 may be installed
opencv-python | >=4.5.5 | pip | | Version not pinned
numpy | >=1.21.0 | pip | | Version not pinned
pillow | >=9.0.0 | pip | | Version not pinned
SQLAlchemy | 2.0.46 | pip | | Exact pinned version present in requirements.txt
PyMySQL | 1.1.2 | pip | | Exact pinned version
pydash | 8.0.6 | pip | | Exact pinned version; used for response extraction

File composition

19 files · 1765 lines
Python 11 files · 1405 lines
Markdown 2 files · 200 lines
Text 1 file · 127 lines
YAML 5 files · 33 lines
Files requiring attention · 7
skills/scripts/common/dao.py Python · 394 lines
Undeclared MySQL database connectivity — SKILL.md mismatch · User token storage in external MySQL database — undeclared data sink
skills/scripts/common/util.py Python · 327 lines
Hardcoded JWT bearer tokens in exception handler fallback
skills/scripts/common/config.py Python · 185 lines
Undeclared environment variable reading for user identity
requirements.txt Text · 127 lines
No dependency version pinning in requirements.txt
scripts/config.py Python · 56 lines
https://open.lifeemergence.com/smyx-open-api
skills/scripts/common/config.yaml YAML · 17 lines
Hardcoded MySQL credentials in config.yaml · Hardcoded Feishu app credentials in config.yaml · Internal network IP (172.31.16.2) hardcoded · 172.31.16.2 · https://lifeemergence.com/jeecg-boot
skills/scripts/common/config-dev.yaml YAML · 9 lines
http://livemonitortest.lifeemergence.com/smyx-open-api · https://healthtest.lifeemergence.com/jeecg-boot · http://192.168.1.234:8080/jeecg-boot · [email protected]
Other files · risk_analysis.py · SKILL.md · api_service.py · risk_categories.md · skill.py

Security highlights

No subprocess, shell execution, or direct OS command invocation found
No base64-encoded payloads or obfuscated execution
No ~/.ssh, ~/.aws, or .env file reading
No reverse shell, C2 communication patterns, or data theft to external IPs
No cron/persistence mechanisms or startup hooks detected
Skill follows a legitimate health monitoring use case (fall detection, risk analysis)
Input validation exists for file paths and URL formats
open-id enforcement is documented and implemented to prevent unauthorized analysis