warn
suspicious.install_untrusted_source
- Location
- skills/smyx_common/scripts/config-dev.yaml:2
- Finding
- Install source points to URL shortener or raw IP.
高风险行为识别分析工具
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
Detected: suspicious.dep_not_found_on_registry, suspicious.install_untrusted_source
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
A request to list one user's health/risk analysis history could return broader report records if the backend does not enforce its own authorization.
Why it was flagged
The report-listing method explicitly says that a missing open_id means no filter is added, which can exceed the stated per-user history-report scope.
Skill content
# open_id 检查 - 如果 open_id 为空/None,不添加过滤条件,返回所有报告
data = {}
if open_id:
data["createBy"] = open_idRecommendation
Remove the unfiltered fallback, always pass and enforce the user open-id, and require server-side authorization for report history access.
What this means
Users may provide or reuse sensitive identity-like information for report storage and lookup.
Why it was flagged
The skill may read a local config field named api-key or ask for a username/phone number to use as an open-id for saving/querying reports.
Skill content
如果文件存在且配置了 api-key 字段,则读取 api-key 作为 open-id ... 必须暂停执行,明确提示用户提供用户名或手机号作为 open-id
Recommendation
Use a dedicated, non-secret user identifier where possible and document whether api-key here is truly a credential or only a user identifier.
What this means
If a dev/test configuration is accidentally used, reports could be associated with or queried under the wrong identifier.
Why it was flagged
A development config includes a hardcoded default open-id that appears phone-number-like; the artifacts do not prove this config is active, but it is identity material bundled with the skill.
Skill content
ConstantEnum: is-debug: true default--open-id: "18072937735"
Recommendation
Remove hardcoded personal identifiers from packaged configs and require users to supply their own open-id explicitly.
What this means
Private video, images, or camera-derived frames of people may leave the local environment for analysis.
Why it was flagged
Local media is read and uploaded to the analysis service; this is expected for video/image health analysis but involves sensitive images or video.
Skill content
with open(input_path, 'rb') as f:
file_content = f.read()
...
files = {
'file': (os.path.basename(input_path), file_content, mime_type)
}
response = self.analysis(
params=params,
files=files
)Recommendation
Only submit media you are authorized to share, verify the provider endpoint and retention policy, and avoid using live streams without consent.
What this means
If this configuration is activated, sensitive analysis traffic could be routed to an unexpected local-network service.
Why it was flagged
A bundled development configuration points to a private IP over plain HTTP; this is not shown to be selected by default, but it is unusual for a public skill package.
Skill content
base-url-open-api: "http://192.168.1.234:9601/smyx-open-api"
Recommendation
Verify the active config before use, prefer HTTPS production endpoints, and remove private development endpoints from distributed packages.
Findings (2)
critical
suspicious.dep_not_found_on_registry
- Location
- Dependency manifests:1
- Finding
- 1 package(s) referenced in dependency files do not exist on their public registries: unattended-upgrades (pypi)