Audit log

frontend-nextjs-app-router - 7 audits

Audit version 7

Latest, medium risk

Jun 28, 2026, 12:25 PM

Static analysis reported many severe patterns, but review found they are almost entirely Markdown and TypeScript documentation false positives. No malicious intent, prompt injection, executable scripts, credential collection, or data exfiltration was found. The skill has medium risk because several examples can encourage under-validated server actions, route handlers, and route protection patterns.

Files scanned: 2
Lines analyzed: 649
Review items: 6
False positives ignored: 0

Confirmed security concerns (6)

Medium
Examples Omit Input Validation For Server-Side Mutations
TRUE POSITIVE semantic concern. Server Action and route handler examples read form or request body data and pass it to database helpers without showing validation, authorization, or error handling. The snippets are documentation, not active code, but they may lead generated applications to accept unsafe input.
The examples clearly show unvalidated mutation inputs in server-side contexts. Confidence is not higher because the code is illustrative documentation and helper functions may validate internally.
Medium
Simplified Route Protection Examples May Encourage Weak Auth
TRUE POSITIVE semantic concern. The middleware example only checks whether a token cookie exists before allowing protected routes. The admin page example checks a session role but does not show session integrity validation, creating a risk that users copy incomplete authorization patterns.
The snippets are demonstrably incomplete for production authorization. Confidence is limited because they may be abbreviated examples rather than a full auth implementation.
Low
External Command Findings Are Markdown False Positives
FALSE POSITIVE. The many reported Ruby or shell backtick findings come from Markdown code fences, inline route paths, JSX template literals, and TypeScript examples. I found no instruction that executes shell commands or asks the assistant to run untrusted commands.
The cited lines are documentation syntax and TypeScript examples, not executable Ruby or shell code. The skill contains only Markdown files.
Low
Weak Cryptography Findings Are Text-Match False Positives
FALSE POSITIVE. The reported weak cryptographic algorithm locations contain ordinary words such as description or design-related prose, not MD5, SHA-1, DES, or cryptographic API usage. No evidence found of weak cryptography instructions.
Targeted review found no cryptographic algorithm references at the flagged locations. The matches appear to be substring-based analyzer noise.
Low
Network, Storage, And Path Traversal Findings Are Benign Documentation
FALSE POSITIVE. The fetch, localStorage, and /app/.../page.tsx references describe normal Next.js and browser concepts. They do not collect credentials, access files, traverse paths, or make external network requests from the skill itself.
The flagged tokens are explanatory framework terms inside Markdown. No executable file access, browser storage access, or outbound request code exists in the skill package.
Low
Critical Heuristic Combinations Are Not Confirmed
FALSE POSITIVE. The static heuristic combined unrelated documentation terms and examples into a dangerous pattern. Review found no credential access, exfiltration endpoint, obfuscation, executable script, or prompt injection attempt.
Manual review of the referenced files showed only instructional Markdown and short Next.js examples. The dangerous combination is not semantically present.
Audited by: codex

Audit version 6

Safe

Jan 21, 2026, 04:52 PM

This skill is a documentation and guidance resource for Next.js App Router development. All 131 static findings are false positives - they are TypeScript/JavaScript code examples in markdown documentation files. No executable code, network access, or filesystem operations are performed by this skill.

Files scanned: 3
Lines analyzed: 1,977
Review items: 3
False positives ignored: 0

Risk factors

⚙️ External commands (101)
🌐 Network access (1)
📁 Filesystem access (1)
Audited by: claude

Audit version 5

Medium risk, audit incomplete

Jan 16, 2026, 06:00 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 3
Lines analyzed: 838
Review items: 4
False positives ignored: 0

Risk factors

⚙️ External commands (101)
🌐 Network access (1)
📁 Filesystem access (1)

Detected patterns

Ruby/shell backtick execution
Weak cryptographic algorithm
System reconnaissance
Fetch API call
Path traversal sequence
Browser storage access
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network
Audited by: claude

Audit version 4

Medium risk, audit incomplete

Jan 16, 2026, 06:00 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 3
Lines analyzed: 838
Review items: 4
False positives ignored: 0

Risk factors

⚙️ External commands (101)
🌐 Network access (1)
📁 Filesystem access (1)

Detected patterns

Ruby/shell backtick execution
Weak cryptographic algorithm
System reconnaissance
Fetch API call
Path traversal sequence
Browser storage access
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 11:07 AM

Pure documentation skill with no executable code. Contains only markdown guidance and TypeScript code templates for Next.js App Router development patterns.

Files scanned: 2
Lines analyzed: 402
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 11:07 AM

Pure documentation skill with no executable code. Contains only markdown guidance and TypeScript code templates for Next.js App Router development patterns.

Files scanned: 2
Lines analyzed: 402
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 11:07 AM

Pure documentation skill with no executable code. Contains only markdown guidance and TypeScript code templates for Next.js App Router development patterns.

Files scanned: 2
Lines analyzed: 402
Review items: 0
False positives ignored: 0
No security issues detected
Audited by: claude