Skill maxhub-kuaishou: Audit History

Audit History

maxhub-kuaishou - 2 audits

Audit version 2

Latest: Low risk

May 20, 2026, 12:45 PM

This skill is a legitimate API wrapper for querying Kuaishou data through the MaxHub service (www.aconfig.cn). All 135 static findings have been evaluated as false positives: hardcoded URLs point to the documented API endpoint, shell commands are documentation examples for curl-based API calls, and env access is for the declared MAXHUB_API_KEY credential. The skill transparently declares its requirements and usage patterns. No malicious intent, obfuscation, or prompt injection detected.

7 files scanned
609 lines analyzed
6 findings
Auditor: claude
Low-risk issues (3)
API Credential Access in Environment Variables
The skill accesses MAXHUB_API_KEY from environment variables for API authentication. This is a legitimate and declared requirement documented in SKILL.md metadata. Users must configure their own API key obtained from aconfig.cn. The key is used only as a Bearer token for authorized API calls.

External API Network Calls via curl
The skill uses curl to make HTTP requests to the MaxHub API at www.aconfig.cn. These are documented, legitimate API calls for querying Kuaishou data. All API endpoints and parameters are defined in reference documentation files. The pattern is standard for API wrapper skills.

Shell Command Documentation in Code Blocks
Bash code blocks in SKILL.md and README files show curl commands and environment variable checks. These are documentation examples for user reference, not active code execution. The commands execute legitimate API calls for the skill's intended purpose.

Detected patterns

Combined Network, Command Execution, and Credential Access

Audit version 1

Low risk

May 9, 2026, 07:16 AM

Security evaluation completed. Static scanner flagged 134 potential issues, but review reveals all findings are false positives. The skill uses template variables in markdown documentation (e.g. ${MAXHUB_API_KEY}) which triggered command execution alerts. Network and environment variable detections are intentional design - the skill is designed to communicate only with MaxHub API using environment-provided credentials. The skill explicitly documents its security boundaries in metadata.

3 files scanned
392 lines analyzed
4 findings
Auditor: claude
Low-risk issues (2)
False Positive: Command Execution Detection in Documentation
Static scanner flagged 'Ruby/shell backtick execution' patterns in markdown files. These are documentation code blocks containing template variables like ${MAXHUB_API_KEY} - not actual shell commands being executed. The skill is markdown-based instruction documentation, not executable code.

False Positive: High File Entropy Detection
Static scanner flagged high entropy strings in SKILL.md and references/chain-patterns.md. This is caused by Chinese characters encoded in UTF-8, not encrypted or obfuscated content. The skill contains bilingual (Chinese/English) documentation.