中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 52/100
上次扫描:22 小时前 重新扫描
52 /100
risk-analysis
高风险行为识别分析工具 — video/image-based fall detection, health risk analysis, and behavioral monitoring
Skill declares video/image risk analysis but contains undeclared MySQL database connectivity with hardcoded credentials, fallback hardcoded JWT tokens in source code, and connects to an internal IP (172.31.16.2) — all missing from SKILL.md documentation.
技能名称risk-analysis
分析耗时62.9s
引擎pi
谨慎使用
Remove hardcoded credentials from config.yaml and source code. Declare all database and network resource access in SKILL.md. Pin dependency versions. Audit data flows for exfiltration risk before production deployment.

安全发现 8 项

严重性 安全发现 位置
高危
Hardcoded MySQL credentials in config.yaml 凭证窃取
The file skills/scripts/common/config.yaml contains a hardcoded database connection string with plaintext username 'admin' and password 'Smyx2025@db' pointing to internal IP 172.31.16.2. These credentials are not read from environment variables and are present in the skill package.
database-url: mysql+pymysql://admin:Smyx2025@[email protected]:3306/health-cloud?charset=utf8mb4
→ Move database credentials to environment variables or a secrets manager. Never ship credentials in config files within the skill package.
 skills/scripts/common/config.yaml:4
高危
Hardcoded Feishu app credentials in config.yaml 凭证窃取
Feishu (Lark) application ID and secret are hardcoded in config.yaml (feishu-app--id: cli_a93d769369badcb1, feishu-app--secret: zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r). If compromised, these could be used to send messages via the organization's Feishu workspace.
feishu-app--id: cli_a93d769369badcb1
  feishu-app--secret: zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r
→ Move Feishu credentials to environment variables.
 skills/scripts/common/config.yaml:10
高危
Hardcoded JWT bearer tokens in exception handler fallback 凭证窃取
util.py contains a _get_or_create_user() function with a hardcoded JWT token as a fallback in the exception handler (line ~217). While commented, the token structure (eyJ... base64) is readable and could be activated if the exception path is taken.
ApiEnum.TOKEN = ApiEnum.OPEN_TOKEN = "Bearer eyJhbGciOiJIUzUxMiJ9..."
→ Remove hardcoded JWT tokens entirely. Use proper credential management.
 skills/scripts/common/util.py:217
高危
Undeclared MySQL database connectivity — SKILL.md mismatch 文档欺骗
SKILL.md declares only filesystem:READ and network:READ for video/image analysis. However, the skill's dao.py connects to MySQL (database:WRITE) via SQLAlchemy using hardcoded credentials from config.yaml. This database access is completely absent from the SKILL.md documentation.
DATABASE_URL = ApiEnum.DATABASE_URL
self.engine = create_engine(DATABASE_URL, ...)
→ Declare all database resource access in SKILL.md with justification.
 skills/scripts/common/dao.py:58
中危
No dependency version pinning in requirements.txt 供应链
requirements.txt contains ~90 packages with unpinned versions (e.g., requests>=2.28.0, opencv-python>=4.5.5, numpy>=1.21.0, pillow>=9.0.0). This allows any version including vulnerable ones to be installed.
requests>=2.28.0
opencv-python>=4.5.5
numpy>=1.21.0
pillow>=9.0.0
→ Pin all dependencies to exact versions or tight ranges to ensure reproducible and secure builds.
 requirements.txt:1
中危
Undeclared environment variable reading for user identity 权限提升
The skill reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID from os.environ to identify the user without declaring this in SKILL.md. This constitutes undeclared environment:READ access for user identity mapping.
openclaw_sender_open_id = os.environ.get("OPENCLAW_SENDER_OPEN_ID")
openclaw_sender_username = os.environ.get("OPENCLAW_SENDER_USERNAME")
→ Declare environment variable access in SKILL.md resource section.
 skills/scripts/common/config.py:178
中危
User token storage in external MySQL database — undeclared data sink 数据外泄
The dao.py User model stores user tokens (token, open_token fields) in an external MySQL database (172.31.16.2). The skill reads and writes these tokens during user authentication flows. The data destination (external MySQL) is not declared in SKILL.md.
token = Column(String(500), comment="token")
open_token = Column(String(1000), comment="开放token")
→ Declare the external database as a data sink in SKILL.md with a data handling section.
 skills/scripts/common/dao.py:232
低危
Internal network IP (172.31.16.2) hardcoded 敏感访问
An internal VPC IP address (172.31.16.2) is hardcoded as the MySQL database host. While this limits direct external exploitability, it exposes internal infrastructure topology and could be weaponized in a lateral movement scenario.
mysql+pymysql://admin:Smyx2025@[email protected]:3306/health-cloud
→ Use environment variable for the database host to avoid exposing internal IPs in packaged code.
 skills/scripts/common/config.yaml:4
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md: scripts/risk_analysis.py reads local files with os.path.exists, os.pat…
网络访问 READ WRITE ✗ 越权 SKILL.md does not declare network:WRITE; risk_analysis.py sends POST requests to…
数据库 NONE WRITE ✗ 越权 SKILL.md declares no database access; dao.py uses SQLAlchemy to connect to MySQL…
命令执行 NONE NONE No subprocess/shell execution found
环境变量 NONE READ ✓ 一致 config.py reads ALERT_FEISHU_WEBHOOK, RISK_ANALYSIS_API_KEY, RISK_ANALYSIS_API_U…
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE No browser access found
技能调用 NONE NONE No dynamic skill invocation found
1 高危 7 项发现
📡
高危 IP 地址 硬编码 IP 地址
172.31.16.2
skills/scripts/common/config.yaml:4
🔗
中危 外部 URL 外部 URL
https://open.lifeemergence.com/smyx-open-api
scripts/config.py:56
🔗
中危 外部 URL 外部 URL
http://livemonitortest.lifeemergence.com/smyx-open-api
skills/scripts/common/config-dev.yaml:4
🔗
中危 外部 URL 外部 URL
https://healthtest.lifeemergence.com/jeecg-boot
skills/scripts/common/config-dev.yaml:5
🔗
中危 外部 URL 外部 URL
http://192.168.1.234:8080/jeecg-boot
skills/scripts/common/config-dev.yaml:6
🔗
中危 外部 URL 外部 URL
https://lifeemergence.com/jeecg-boot
skills/scripts/common/config.yaml:6
📧
提示 邮箱 邮箱地址
[email protected]
skills/scripts/common/config-dev.yaml:3

目录结构

19 文件 · 62.9 KB · 1765 行
Python 11f · 1405L Markdown 2f · 200L Text 1f · 127L YAML 5f · 33L
├─ 📁 references
│ └─ 📝 risk_categories.md Markdown 76L · 2.2 KB
├─ 📁 scripts
│ ├─ 🐍 __init__.py Python 0 B
│ ├─ 🐍 config.py Python 56L · 2.0 KB
│ ├─ 📋 config.yaml YAML 1L · 4 B
│ ├─ 🐍 risk_analysis.py Python 271L · 8.6 KB
│ └─ 🐍 skill.py Python 41L · 1.3 KB
├─ 📁 skills
│ └─ 📁 scripts
│ └─ 📁 common
│ ├─ 🐍 __init__.py Python 8L · 151 B
│ ├─ 🐍 api_service.py Python 98L · 2.7 KB
│ ├─ 🐍 base.py Python 25L · 440 B
│ ├─ 📋 config-dev.yaml YAML 9L · 511 B
│ ├─ 📋 config-prod.yaml YAML 0 B
│ ├─ 📋 config-test.yaml YAML 6L · 323 B
│ ├─ 🐍 config.py Python 185L · 7.9 KB
│ ├─ 📋 config.yaml YAML 17L · 648 B
│ ├─ 🐍 dao.py Python 394L · 14.1 KB
│ └─ 🐍 util.py Python 327L · 14.1 KB
├─ 🐍 __init__.py Python 0 B
├─ 📄 requirements.txt Text 127L · 2.3 KB
└─ 📝 SKILL.md Markdown 124L · 5.6 KB

依赖分析 7 项

包名版本来源已知漏洞备注
requests >=2.28.0 pip Version not pinned — minimum declared is 2.28.0, latest 2.32.5 may be installed
opencv-python >=4.5.5 pip Version not pinned
numpy >=1.21.0 pip Version not pinned
pillow >=9.0.0 pip Version not pinned
SQLAlchemy 2.0.46 pip Exact pinned version present in requirements.txt
PyMySQL 1.1.2 pip Exact pinned version
pydash 8.0.6 pip Exact pinned version; used for response extraction

安全亮点

✓ No subprocess, shell execution, or direct OS command invocation found
✓ No base64-encoded payloads or obfuscated execution
✓ No ~/.ssh, ~/.aws, or .env file reading
✓ No reverse shell, C2 communication patterns, or data theft to external IPs
✓ No cron/persistence mechanisms or startup hooks detected
✓ Skill follows a legitimate health monitoring use case (fall detection, risk analysis)
✓ Input validation exists for file paths and URL formats
✓ open-id enforcement is documented and implemented to prevent unauthorized analysis