سجل التدقيق
db-migration - 6 عمليات التدقيق
إصدار التدقيق 6
الأحدث مخاطر متوسطةJun 28, 2026, 12:12 PM
Static analysis reported many weak cryptography and command execution patterns, but manual review found no malware, prompt injection, network access, or data exfiltration. Most high-severity cryptography findings are false positives caused by Markdown, migration identifiers, and validation regex. The remaining risk is operational: the skill teaches database commands and SQL migrations that can modify or remove data if used without review.
مشكلات متوسطة المخاطر (2)
مشكلات منخفضة المخاطر (3)
عوامل الخطر
⚡ يحتوي على سكربتات (1)
⚙️ الأوامر الخارجية (5)
🔑 متغيرات البيئة (2)
الأنماط المكتشفة
إصدار التدقيق 5
آمنJan 16, 2026, 05:36 PM
Pure documentation skill with no executable code. The SKILL.md contains only documentation and code examples. The verify.py script only reads and validates YAML frontmatter locally. All 86 static findings are false positives from misidentified patterns: regex was flagged as crypto, markdown backticks as shell execution, and database terms like 'upgrade' as C2 keywords.
عوامل الخطر
⚡ يحتوي على سكربتات (1)
إصدار التدقيق 4
آمنJan 16, 2026, 05:36 PM
Pure documentation skill with no executable code. The SKILL.md contains only documentation and code examples. The verify.py script only reads and validates YAML frontmatter locally. All 86 static findings are false positives from misidentified patterns: regex was flagged as crypto, markdown backticks as shell execution, and database terms like 'upgrade' as C2 keywords.
عوامل الخطر
⚡ يحتوي على سكربتات (1)
إصدار التدقيق 3
آمنJan 10, 2026, 11:03 AM
Pure documentation skill with a verification script. SKILL.md contains no executable code, no network calls, and no filesystem operations. The verify.py script only reads and validates YAML frontmatter locally with no external network calls.
عوامل الخطر
⚡ يحتوي على سكربتات (1)
إصدار التدقيق 2
آمنJan 10, 2026, 11:03 AM
Pure documentation skill with a verification script. SKILL.md contains no executable code, no network calls, and no filesystem operations. The verify.py script only reads and validates YAML frontmatter locally with no external network calls.
عوامل الخطر
⚡ يحتوي على سكربتات (1)
إصدار التدقيق 1
آمنJan 10, 2026, 11:03 AM
Pure documentation skill with a verification script. SKILL.md contains no executable code, no network calls, and no filesystem operations. The verify.py script only reads and validates YAML frontmatter locally with no external network calls.