Skill Trust Decision

recognize_intent

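The skill is a legitimate BI intent-recognition tool, but it contains suspicious configuration such as a hardcoded external IP and an embedded JWT token, and it has configuration-drift and credential-management problems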

Install decision first
Source: Manual upload
Scanned: Apr 5, 2026
Files 3
Artifacts 3
Violations 2
Findings 3
Most direct threat evidence

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

4 dependency or supply-chain issues need attention.

What drove the risk score up

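Hardcoded external IP +20

recognize_intent.py:969 hardcodes the IP 47.77.199.56 as the Gemini API address

Embedded JWT token +15

recognize_intent.py:973-978 embeds a default JWT token as a fallback credential

Shell execution capability +10

index.js uses spawn to execute Python, with no documentation declaring it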

Most important evidence

Medium Sensitive Access

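Hardcoded external IP address

The Gemini API URL uses the hardcoded IP 47.77.199.56 rather than a domain name, so it cannot be updated dynamically when the environment changes

recognize_intent.py:969
Configure the API address through an environment variable so that it is auditable and replaceable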
Medium Credential Theft

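Embedded JWT token as default credential

The code hardcodes a long JWT token as the default value of GEMINI_TOKEN, creating a risk of credential leakage

recognize_intent.py:973
Remove the hardcoded token and require users to configure a valid environment variable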
Low Doc Mismatch

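Shell execution capability not declared in documentation

SKILL.md does not declare the use of subprocess/spawn to execute the Python script

index.js:75
Declare in the documentation which commands are allowed to run and for what purpose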

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred READ
index.js:40 reads configuration from .env
Shell Block
Declared NONE
Inferred WRITE
index.js:75 uses child_process.spawn to execute Python
Network Block
Declared NONE
Inferred READ
recognize_intent.py:969 hardcodes an external IP as the API endpoint

Suspicious artifacts and egress

High IP Address
47.77.199.56

recognize_intent.py:969

Medium External URL
http://47.77.199.56/api/v1beta

recognize_intent.py:969

Medium External URL
https://dashscope.aliyuncs.com/compatible-mode/v1

recognize_intent.py:1016

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
httpx | * | pip | No | No version pinning
pymilvus | * | pip | No | No version pinning
openai | * | pip | No | No version pinning
pymysql | * | pip | No | No version pinning

File composition

3 files · 2119 lines
Python 1 files · 1930 lines
JavaScript 1 files · 135 lines
Markdown 1 files · 54 lines
Files of concern · 2
recognize_intent.py Python · 1930 lines
Hardcoded external IP address · Embedded JWT token as default credential · 47.77.199.56 · http://47.77.199.56/api/v1beta · https://dashscope.aliyuncs.com/compatible-mode/v1
index.js JavaScript · 135 lines
Shell execution capability not declared in documentation
Other files · SKILL.md

Security positives

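The code is clearly structured, with no obfuscation or Base64-encoded malicious payloads
No credential exfiltration or C2 communication behavior
External service calls are normal business logic (Gemini AI, Milvus, MySQL)
Error handling is thorough, with graceful degradation on failure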