Back to skill

Security audit

Huifu Pay Integration

Security checks across malware telemetry and agentic risk

Overview

This is a payment-integration documentation skill with disclosed sandbox and credential guidance, but users should handle its payment, identity, and sandbox credential examples carefully.

Installers should treat this as a payment integration aid, not as production approval. Verify the sandbox download source and checksum, keep sandbox credential files out of repos/chats/tickets, never use production private keys in the sandbox, and add your own privacy controls for identity, device, and payment identifiers before using the examples in real systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The ext_user_info section documents collection of highly sensitive identity data, including mobile number and government ID number, but provides almost no handling guidance beyond encrypting cert_no. In a payment-integration skill, this can encourage integrators to collect, log, retain, or transmit excess personal data without clear minimization, masking, access-control, or legal-compliance safeguards.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The document states that a `trans.close` webhook can drive downstream order-closing workflows, but it does not warn readers to verify the webhook signature, enforce idempotency, and validate order-state transitions before mutating business data. In a payment integration context, incomplete guidance here can lead implementers to trust callback events too early or process duplicate/spoofed notifications, causing incorrect order closure, reconciliation errors, or business-state corruption.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document instructs integrators to transmit highly sensitive device identifiers such as IMEI, IMSI, ICCID, MAC, Wi‑Fi MAC, GPS, and public IP without any privacy warning, minimization guidance, or consent/compliance constraints. In a payment integration context, this can lead downstream developers to collect and send unnecessary personal/device data, increasing privacy, regulatory, and breach risk if the data is mishandled or over-collected.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The implementation note explicitly recommends storing raw channel-extension JSON and extracting searchable fields such as openid, buyer_id, and bank_type, but provides no privacy, minimization, masking, retention, or access-control guidance. Because these values are payment/user identifiers and the raw JSON may also contain account-related fields, this guidance can lead integrators to persist sensitive data broadly, increasing exposure in logs, databases, exports, and internal tooling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The example request includes realistic personal data fields such as a person's name, mobile number, and identity document placeholder within a payment integration document, but it does not clearly warn readers to use synthetic data, minimize collection, or protect sensitive fields. In a payment skill, this can normalize copying production-style PII into logs, test fixtures, and support tickets, increasing privacy and compliance risk even if the sample value is partly placeholder-based.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document instructs integrators to transmit highly sensitive personal data such as name and ID number, and explicitly notes the ID number must be RSA-encrypted, but it provides no accompanying privacy, consent, retention, or minimization guidance. In a payment context this can lead downstream implementers to collect and send regulated personal data without adequate user notice or lawful handling controls, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This section directs implementers to send persistent user identifiers, terminal/device metadata, and source IP information to payment systems, but does not warn about privacy implications, data minimization, or restrictions on logging and secondary use. Because these values can identify or track users and devices across transactions, omission of handling guidance creates a realistic risk of overcollection, silent tracking, and noncompliant processing.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document defines numerous payment-response fields that can contain personal or sensitive financial data, such as buyer identifiers, account names, account numbers, request IPs, and merchant private fields, but it gives no guidance on masking, minimizing, logging restrictions, retention, or access control. In an integration/copilot context, developers may copy these fields into logs, dashboards, or downstream APIs by default, creating avoidable privacy leakage and compliance exposure.

Credential Access

High
Category
Privilege Escalation
Content
`--print-json` 会输出 `control_url`、`gateway_url`、`health_url`、`mode`、`credential_profile`、`signature_model`、`admin_token` 和 `csrf_token`。这些 token 只用于本机控制面,不要写入仓库、聊天记录或可分享报告。公开健康检查和页面状态接口不返回 `admin_token`、`csrf_token` 或 Webhook 端点密钥。

启动后可以直接在浏览器打开 `control_url`。首次进入控制台会展示本地沙箱服务使用声明;默认勾选“不再提示”,同意后继续使用,拒绝后停止本地沙箱服务并尝试关闭当前页面。本地控制台会自动刷新运行状态,展示接入信息、可复制的 `gateway_url`、支付/退款/关单/对账记录、事件流、Notify/Webhook 投递记录和安全发现。页面“项目接入配置”提供“导出凭证”、“复制配置”、“显示 Webhook Key”、“保存 Webhook”和“使用说明”;导出凭证和显示 Webhook Key 都需要输入启动输出中的 `admin_token`,浏览器会下载 `sandbox-credentials.json` 或在页面显示本次运行的 `webhook_endpoint_key`。托管支付记录可点击“模拟成功”,用于把本地预下单状态推进为支付成功并触发后续查单、Notify 或 Webhook 演练;手动 Notify/Webhook 只做投递测试,不直接改业务主记录。Webhook 目标可在页面输入本机接收地址并保存,本次运行内业务状态里的 Webhook 成功/失败按钮会变为可用;外部 Webhook 地址仍需启动时通过 `--notify-allow` 精确放行。生成报告或停止服务同样需要 `admin_token`;页面不会持久化保存 token,页面状态接口不返回 `admin_token`、`csrf_token`、完整私钥、Webhook 端点密钥或回调 URL query 明文。

控制台“接入信息”区域会从公开索引 `hf-payment-local-sandbox-latest.json` 检查更新。检查更新不需要 `admin_token`,不上传私钥、公钥、`sys_id`、`product_id`、`huifu_id`、请求日志、报告、Webhook 地址或 Notify 地址;只读取公开 JSON,并在有新版时展示当前平台下载地址、文件名、大小和 SHA256。沙箱不做静默自动安装,用户下载新版后手动解压并重新启动。
Confidence
89% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
控制台“接入信息”区域会从公开索引 `hf-payment-local-sandbox-latest.json` 检查更新。检查更新不需要 `admin_token`,不上传私钥、公钥、`sys_id`、`product_id`、`huifu_id`、请求日志、报告、Webhook 地址或 Notify 地址;只读取公开 JSON,并在有新版时展示当前平台下载地址、文件名、大小和 SHA256。沙箱不做静默自动安装,用户下载新版后手动解压并重新启动。

3. 查看或导出 `official-demo` Profile。普通用户优先通过页面“导出凭证”下载 `sandbox-credentials.json`;命令行导出只作为维护者排障能力。无论哪种方式,都不要在文档、日志和报告里回显完整私钥。

`official-demo` 用户可见字段固定为 `product_id`、`sys_id`、商户请求签名私钥、沙箱响应验签公钥和 Webhook 终端密钥。预览包不内置完整私钥;首次使用时会在本机生成或读取 `sandbox-data/credentials/official-demo-merchant-private.pem` 和 `sandbox-data/credentials/official-demo-sandbox-private.pem` 两套 RSA 私钥。本地沙箱模式下,请求签名使用导出的商户私钥;沙箱用本机保存的商户请求验签公钥验请求签名;响应和通知由本机沙箱私钥加签;客户项目优先用导出的 `merchant_public_key` 验响应和通知签名。页面导出的 `sandbox-credentials.json` 只面向商户项目配置,和“复制配置”保持同一套扁平英文 key:`gateway_url`、`sys_id`、`product_id`、`huifu_id`、`skill_source`、`merchant_private_key`、`merchant_public_key`、`webhook_endpoint_key`、`signature_model`、`usage`,不再包含重复的 `merchant_config`、`sandbox_config` 或说明型嵌套层。官方 SDK 优先字段为无 PEM 头尾、无换行的 PKCS8 Base64 `merchant_private_key` 和 X509 Base64 `merchant_public_key`;Webhook 验签使用 `webhook_endpoint_key` 计算大写 `MD5(raw_body + webhook_endpoint_key)`,业务代码可用大小写不敏感比较兼容历史实现;本地配置直接给出样例 `huifu_id = 6666000100000001`。本地沙箱模式下 `skill_source` 固定使用 `hfps/1.3.1;sandbox/1.0.0`;官方联调或生产环境恢复为 `hfps/1.3.1`,不要携带 `;sandbox/...` 后缀。报告中必须保留 `signature_model = dual_key_local_sandbox`。
Confidence
92% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
3. 查看或导出 `official-demo` Profile。普通用户优先通过页面“导出凭证”下载 `sandbox-credentials.json`;命令行导出只作为维护者排障能力。无论哪种方式,都不要在文档、日志和报告里回显完整私钥。

`official-demo` 用户可见字段固定为 `product_id`、`sys_id`、商户请求签名私钥、沙箱响应验签公钥和 Webhook 终端密钥。预览包不内置完整私钥;首次使用时会在本机生成或读取 `sandbox-data/credentials/official-demo-merchant-private.pem` 和 `sandbox-data/credentials/official-demo-sandbox-private.pem` 两套 RSA 私钥。本地沙箱模式下,请求签名使用导出的商户私钥;沙箱用本机保存的商户请求验签公钥验请求签名;响应和通知由本机沙箱私钥加签;客户项目优先用导出的 `merchant_public_key` 验响应和通知签名。页面导出的 `sandbox-credentials.json` 只面向商户项目配置,和“复制配置”保持同一套扁平英文 key:`gateway_url`、`sys_id`、`product_id`、`huifu_id`、`skill_source`、`merchant_private_key`、`merchant_public_key`、`webhook_endpoint_key`、`signature_model`、`usage`,不再包含重复的 `merchant_config`、`sandbox_config` 或说明型嵌套层。官方 SDK 优先字段为无 PEM 头尾、无换行的 PKCS8 Base64 `merchant_private_key` 和 X509 Base64 `merchant_public_key`;Webhook 验签使用 `webhook_endpoint_key` 计算大写 `MD5(raw_body + webhook_endpoint_key)`,业务代码可用大小写不敏感比较兼容历史实现;本地配置直接给出样例 `huifu_id = 6666000100000001`。本地沙箱模式下 `skill_source` 固定使用 `hfps/1.3.1;sandbox/1.0.0`;官方联调或生产环境恢复为 `hfps/1.3.1`,不要携带 `;sandbox/...` 后缀。报告中必须保留 `signature_model = dual_key_local_sandbox`。

4. 已有项目使用本地沙箱时,不是另写一套“SDK 接入指南”,而是在项目现有支付出口层增加仅本地启用的 `local-sandbox` 运行模式。先尝试把官方 SDK 的网关基础地址、base URL、endpoint 或 HTTP client 配置为 `gateway_url`;如果 SDK 没有暴露这类配置项,则保留生产路径继续走官方 SDK,只在项目自己的支付网关封装层增加本地分支:复用原有订单组装、字段校验、幂等键和请求对象,发送阶段按汇付 envelope POST 到 `gateway_url + 接口路径`,响应再转换回项目原有业务服务接口。不要改官方 SDK 源码,不要用 hosts 劫持官方域名到本机,也不要让本地分支在生产环境默认启用。
Confidence
90% confidence
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.