xiaozhi-esp32-server-java.json
{
"tool_id": "xiaozhi-esp32-server-java",
"version": "4.1.0",
"grade": "A",
"risk_score": 8,
"scan_date": "2026-03-31T01:30:51.393074148Z",
"scanner": "tooltrust-scanner/v0.2.1",
"source_url": "https://github.com/joey-zhou/xiaozhi-esp32-server-java",
"category": "Other",
"vendor": "joey-zhou",
"stars": 1186,
"license": "MIT",
"language": "Java",
"description": "小智ESP32的Java企业级管理平台,提供设备监控、音色定制、角色切换和对话记录管理的前后端及服务端一体化解决方案",
"findings": [
{
"id": "AS-002",
"severity": "Medium",
"title": "Excessive Permission Surface",
"description": "tool declares fs permission",
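"recommendation": "The tool requests a broad permission class (exec/fs/network); here it is fs. Validate input parameters, using enums where possible, and restrict file system operations to an explicit allow-list of directories, checking each path after it has been resolved to its canonical form.",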
"tool_name": "get_source_contents"
}
],
"summary": {
"critical": 0,
"high": 0,
"medium": 1,
"low": 0,
"info": 0
},
"methodology": "https://github.com/AgentSafe-AI/tooltrust-directory/blob/main/docs/methodology.md",
"tool_names": [
"get_javadoc_content_list",
"get_javadoc_symbol_contents",
"get_latest_version",
"get_source_contents",
"list_source_contents",
"symbol_to_artifact"
]
}