Yanji Bus Query

Warn
Audited by ClawScan on May 18, 2026.

Overview

The skill is a coherent Yanji bus lookup tool, but its script can turn crafted station names or tampered bus data into local Python code execution.

Review or fix yanji-bus.sh before installing. The bus-query behavior is legitimate, but the script should treat fetched data and station names as data rather than executable Python source.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious station name, compromised bus server, or network attacker modifying the HTTP response could run commands with the user's local permissions when the agent queries bus data.

Why it was flagged

The script builds Python source code by directly interpolating user-controlled station arguments and an HTTP-fetched bus-data response. A crafted value containing Python string delimiters could break out of the quoted string and execute arbitrary Python locally.

Skill content
BUS_DATA=$(curl -s ... "http://bus.yanjibus.com:8082/...line_data_${LINE}_${SUBLINE}.json...") ... python3 -c " ... from_station = '''$FROM_STATION''' ... to_station = '''$TO_STATION''' ... bus_json = '''$BUS_DATA''' ..."
Recommendation

Do not construct Python code with untrusted strings. Pass station names and bus JSON through argv, stdin, environment variables, or a temporary JSON file; validate line/subline inputs; and use HTTPS or response validation where possible.

What this means

The skill may fail on systems without these tools, or it will use whichever curl/python3 binaries are present on the user's PATH.

Why it was flagged

The runnable artifact depends on bash, curl, and python3, even though the supplied requirements metadata declares no required binaries. This appears purpose-aligned, but the dependencies are under-declared.

Skill content
#!/bin/bash ... BUS_DATA=$(curl -s ... ) ... python3 -c "
Recommendation

Declare bash, curl, and python3 as runtime requirements and advise users to use trusted system-provided binaries.