Audit log

spec-kit-claude-code-workflow - 6 audits

Audit version 6

Latest, Safe

Jun 28, 2026, 03:57 AM

Static analysis reported six possible issues, but all reviewed locations are prose in SKILL.md. No executable code, network activity, system reconnaissance, weak cryptography use, data exfiltration, or prompt injection attempt was found.

Files scanned: 1
Lines analyzed: 184
Review items: 3
False positives ignored: 0

Confirmed security concerns (3)

Low
False Positive: Weak Cryptography Pattern
The static hits occur in descriptive workflow text, not in cryptographic code. Line 7 describes the skill, and line 45 discusses folder-specific rule overrides.
The referenced lines contain natural-language documentation only. I found no algorithm names, crypto libraries, key handling, or encryption implementation.
Low
False Positive: System Reconnaissance Pattern
The static hits refer to rapid prototyping and rapid specification changes. They do not instruct collection of host, user, process, or environment information.
Both locations are workflow guidance sentences. I found no command usage, filesystem probing, environment access, or inventory collection.
Low
False Positive: Network Reconnaissance Pattern
The static hits discuss feedback mechanisms and workflow monitoring. They do not contain network scanning, connection testing, or external endpoint access.
The relevant text is conceptual process guidance. I found no URLs, sockets, port scans, ping commands, or network libraries.
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude