tbs-scenario-builder
Pass
Audited by VirusTotal on Apr 7, 2026.
Findings (1)
The skill bundle exhibits high-risk behaviors that, while functional for its stated purpose of managing training scenarios, introduce significant security vulnerabilities. Specifically, scripts such as `tbs_write_executor.py` and `persist-and-execute.py` utilize `ssl._create_unverified_context()` to bypass SSL certificate verification when communicating with the target API (sg-tbs-manage.mediportal.com.cn), exposing the agent to Man-in-the-Middle (MITM) attacks. Furthermore, the `SKILL.md` instructions direct the AI agent to execute shell commands via `npx clawhub install` to manage dependencies, which is a high-risk pattern for supply-chain attacks and unauthorized execution. While no clear evidence of intentional data exfiltration was found, these security flaws and the broad environment variable access (XG_USER_TOKEN) warrant a suspicious classification.
