{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "idea-storm", "description": "工程问题的自动化迭代实验室。给定一个 idea 或工程问题,自动调研方案、设计实现、验证效果、迭代优化,结果存入 Notion。触发词:\"idea-storm\"、\"实验一下\"、\"帮我验证\"、\"迭代优化\"、\"idea 验证\"。当用户提出一个工程问题并希望自动化地调研→设计→验证→迭代时使用此 skill。", "version": "1.0.0", "slug": "idea-storm" }, "scores": { "security": 0, "transparency": 6, "maintenance": 9, "overall": 2 }, "permissions": { "summary": "No declared permissions — minimal attack surface.", "environmentVariables": [], "binaries": [], "envVarCount": 0, "requiredBinCount": 0 }, "compoundThreats": [ { "id": "data_exfiltration", "severity": "critical", "description": "Reads local files AND sends data to external servers — potential data exfiltration", "capabilities": [ "file_read", "network_out" ], "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03" ] }, { "id": "credential_theft", "severity": "high", "description": "Accesses credentials AND sends data externally — potential credential theft", "capabilities": [ "credential_access", "network_out" ], "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ] }, { "id": "supply_chain", "severity": "high", "description": "Installs packages AND executes processes — opaque dependency chain with execution", "capabilities": [ "package_install", "process_exec" ], "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ] }, { "id": "process_exfiltration", "severity": "high", "description": "Executes processes AND sends data externally — may exfiltrate command output", "capabilities": [ "process_exec", "network_out" ], "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03" ] } ], "permissionIntegrity": [ { "type": "undeclared_capability", "severity": "high", "description": "Makes network requests but does not declare curl/wget in required binaries", "declared": [], "actual": "network_out", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "undeclared_capability", "severity": "high", "description": "Code accesses API keys/tokens but declares no environment variables", "actual": "credential_access", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "opaque_dependency", "severity": "medium", "description": "Installs packages at runtime — transitive dependencies are not auditable", "actual": "package_install", "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ] } ], "capabilities": [ "process_exec", "network_out", "package_install", "file_read", "credential_access" ], "findings": [ { "severity": "critical", "category": "obfuscation", "description": "Unicode homoglyph detected — uses lookalike characters to evade pattern matching", "zone": "frontmatter", "zoneContext": "declaration", "file": "SKILL.md", "downgraded": false, "sample": "", "owasp": [ "LLM01", "LLM03" ], "owaspAsi": [ "ASI04", "ASI10" ], "confidence": "pattern" }, { "severity": "high", "category": "code_execution", "description": "Uses spawn() — can execute external programs", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "spawn(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Recursive delete from root or home — destructive command", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "rm -rf /", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "shell_injection", "description": "Changes file ownership", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "chown ", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "apt-get install — installs system packages", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "apt-get install", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "credentials", "description": "Possible hardcoded credential", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "TOKEN=\"$API_KEY", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "high", "category": "code_execution", "description": "Uses exec() — may execute shell commands", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "exec(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "low", "category": "shell_injection", "description": "Sets world-executable permissions", "zone": "prose", "zoneContext": "documentation", "file": "scripts/run-sandbox.sh", "downgraded": true, "sample": "chmod 777", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" } ], "summary": { "total": 8, "critical": 3, "high": 3, "medium": 1, "low": 1, "compoundThreats": 4, "integrityIssues": 3 }, "trustSignals": { "positive": [ { "signal": "versioned", "positive": true, "detail": "Version 1.0.0" }, { "signal": "described", "positive": true, "detail": "Has meaningful description" }, { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "undeclared_env", "positive": false, "detail": "Uses credentials in code but declares no env vars" }, { "signal": "opaque_deps", "positive": false, "detail": "Installs packages at runtime — transitive dependencies are unauditable" } ] }, "files": { "hasExecutableCode": true, "executableFiles": [ "scripts/compare_images.py", "scripts/run-sandbox.sh" ], "totalFiles": 5 }, "humanSummary": "idea-storm scores 20/100 (Dangerous). It declares no permissions. Reads local files AND sends data to external servers — potential data exfiltration. 2 undeclared capabilities detected — the skill does more than its permissions suggest. 3 critical pattern matches in code.", "auditedAt": "2026-04-23T03:42:13.458Z", "vtEnrichment": { "checked": 3, "flagged": 0, "urls": [ { "url": "https://www.notion.so/my-integrations", "malicious": 0, "suspicious": 0, "engines": 91, "cached": true }, { "url": "https://api.notion.com/v1/pages", "malicious": 0, "suspicious": 0, "engines": 0, "cached": false }, { "url": "https://api.notion.com/v1/blocks/$PAGE_ID/children", "malicious": 0, "suspicious": 0, "engines": 94, "cached": true } ] } }