سجل التدقيق - 1password-credential-lookup

إصدار التدقيق 5

الأحدث مخاطر منخفضة

Jan 16, 2026, 09:02 PM

Legitimate credential lookup tool that uses 1Password CLI for secure retrieval. No network calls, no credential exfiltration. Subprocess calls to `op` CLI use hardcoded string arguments. Static findings are false positives triggered by expected credential access patterns.

3

الملفات التي تم فحصها

507

الأسطر التي تم تحليلها

3

النتائج

claude

تم تدقيقه بواسطة

مشكلات منخفضة المخاطر (1)

scripts/find_credential.py:112-128

Credentials output via stdout

Script outputs credentials as JSON to stdout. This is the designed behavior for credential retrieval. Not a security flaw but expected functionality.

عوامل الخطر

⚙️ الأوامر الخارجية (1)

scripts/find_credential.py:30-31

📁 الوصول إلى نظام الملفات (1)

scripts/find_credential.py:57-87

إصدار التدقيق 4

مخاطر منخفضة

Jan 16, 2026, 09:02 PM

Legitimate credential lookup tool that uses 1Password CLI for secure retrieval. No network calls, no credential exfiltration. Subprocess calls to `op` CLI use hardcoded string arguments. Static findings are false positives triggered by expected credential access patterns.

3

الملفات التي تم فحصها

507

الأسطر التي تم تحليلها

3

النتائج

claude

تم تدقيقه بواسطة

مشكلات منخفضة المخاطر (1)

scripts/find_credential.py:112-128

Credentials output via stdout

Script outputs credentials as JSON to stdout. This is the designed behavior for credential retrieval. Not a security flaw but expected functionality.

عوامل الخطر

⚙️ الأوامر الخارجية (1)

scripts/find_credential.py:30-31

📁 الوصول إلى نظام الملفات (1)

scripts/find_credential.py:57-87

إصدار التدقيق 3

مخاطر منخفضة

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2

الملفات التي تم فحصها

252

الأسطر التي تم تحليلها

4

النتائج

claude

تم تدقيقه بواسطة

مشكلات منخفضة المخاطر (1)

scripts/find_credential.py:112-116 scripts/find_credential.py:128

Credentials output via stdout

The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

عوامل الخطر

⚡ يحتوي على سكربتات (1)

scripts/find_credential.py:1-146

⚙️ الأوامر الخارجية (3)

scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81

📁 الوصول إلى نظام الملفات (2)

scripts/find_credential.py:57-77 scripts/find_credential.py:80-87

إصدار التدقيق 2

مخاطر منخفضة

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2

الملفات التي تم فحصها

252

الأسطر التي تم تحليلها

4

النتائج

claude

تم تدقيقه بواسطة

مشكلات منخفضة المخاطر (1)

scripts/find_credential.py:112-116 scripts/find_credential.py:128

Credentials output via stdout

The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

عوامل الخطر

⚡ يحتوي على سكربتات (1)

scripts/find_credential.py:1-146

⚙️ الأوامر الخارجية (3)

scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81

📁 الوصول إلى نظام الملفات (2)

scripts/find_credential.py:57-77 scripts/find_credential.py:80-87

إصدار التدقيق 1

مخاطر منخفضة

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2

الملفات التي تم فحصها

252

الأسطر التي تم تحليلها

4

النتائج

claude

تم تدقيقه بواسطة

مشكلات منخفضة المخاطر (1)

scripts/find_credential.py:112-116 scripts/find_credential.py:128

Credentials output via stdout

The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

عوامل الخطر

⚡ يحتوي على سكربتات (1)

scripts/find_credential.py:1-146

⚙️ الأوامر الخارجية (3)

scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81

📁 الوصول إلى نظام الملفات (2)

scripts/find_credential.py:57-77 scripts/find_credential.py:80-87