byted-skillhub-download

SUSPICIOUS。技能目的与能力基本一致：它确实是一个企业私有技能下载器。但其实际信任链不透明：远程 API 域名由环境变量隐藏、企业 API Key 被直接转发、下载的是未声明校验的最新 zip，并自动解压到技能目录。未见明确恶意或凭证外传到明显第三方拦截服务，因此不像确认恶意；但安装信任与数据流完整性不足，整体应按中高风险处理。

This module is a downloader/extractor with no obvious in-module malicious behavior (no exec/backdoor). However, it presents a substantial supply-chain attack surface: it downloads artifacts over plaintext HTTP and extracts untrusted ZIP contents using zipfile.ZipFile.extractall without validating ZIP entry paths (Zip Slip). Combined with the absence of integrity/signature checks, a tampered or malicious server/MITM-delivered ZIP could write files outside the intended directory and enable downstream compromise. Review/patch: enforce HTTPS, validate ZIP member paths before extraction, and add artifact integrity verification (hash/signature).