通义万相 2.5D 横幅插画

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+2 more)

Findings (27)

critical

suspicious.dangerous_exec

Location: hooks/gateway-restart-protection/handler.js:57
Finding: Shell command execution detected (child_process).

critical

suspicious.dangerous_exec

Location: scripts/autonomous-thinking.js:193
Finding: Shell command execution detected (child_process).

critical

suspicious.dangerous_exec

Location: scripts/triple-line-sync.js:49
Finding: Shell command execution detected (child_process).

critical

suspicious.dangerous_exec

Location: skills/send-html-to-feishu/scripts/run.js:41
Finding: Shell command execution detected (child_process).

critical

suspicious.dynamic_code_execution

Location: skills/skill-vetting/scripts/scan.py:22
Finding: Dynamic code execution detected.

critical

suspicious.env_credential_access

Location: skills/send-html-to-feishu/scripts/send-to-feishu.js:11
Finding: Environment variable access combined with network send.

critical

suspicious.exposed_secret_literal

Location: memory/2026-03-08.md:1773
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: memory/2026-03-14.md:55
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: reports/aliyun-embedding-analysis.md:12
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: scripts/debug-search-step.py:21
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: scripts/vectorize-and-store.py:19
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: scripts/vectorize-optimized.py:24
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: search_knowledge.py:22
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: skills/rag_search/TASK_COMPLETION_REPORT.md:178
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: skills/tts-automation/SKILL.md:96
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: test_semantic_search.py:16
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: test_vectorization.py:12
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: test-embedding-api.py:4
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: test-embedding-compare.py:16
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: test-vector-knowledge-flow.py:17
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: vector_query - 副本.py:22
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: vector_query.py:22
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: vectorize_all - 副本.py:27
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: vectorize_all.py:27
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: vectorize_content.py:25
Finding: File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location: vectorize_knowledge.py:27
Finding: File appears to expose a hardcoded API secret or token.

warn

suspicious.prompt_injection_instructions

Location: skills/skill-vetting/references/patterns.md:108
Finding: Prompt-injection style instruction pattern detected.