Fähigkeiten 1password-credential-lookup Audit-Verlauf
🔐

Audit-Verlauf

1password-credential-lookup - 5 Audits

Audit-Version 5

Neueste Niedriges Risiko

Jan 16, 2026, 09:02 PM

Legitimate credential lookup tool that uses 1Password CLI for secure retrieval. No network calls, no credential exfiltration. Subprocess calls to `op` CLI use hardcoded string arguments. Static findings are false positives triggered by expected credential access patterns.

3
Gescannte Dateien
507
Analysierte Zeilen
3
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
scripts/find_credential.py:112-128
Credentials output via stdout
Script outputs credentials as JSON to stdout. This is the designed behavior for credential retrieval. Not a security flaw but expected functionality.

Risikofaktoren

⚙️ Externe Befehle (1)
scripts/find_credential.py:30-31
📁 Dateisystemzugriff (1)
scripts/find_credential.py:57-87

Audit-Version 4

Niedriges Risiko

Jan 16, 2026, 09:02 PM

Legitimate credential lookup tool that uses 1Password CLI for secure retrieval. No network calls, no credential exfiltration. Subprocess calls to `op` CLI use hardcoded string arguments. Static findings are false positives triggered by expected credential access patterns.

3
Gescannte Dateien
507
Analysierte Zeilen
3
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
scripts/find_credential.py:112-128
Credentials output via stdout
Script outputs credentials as JSON to stdout. This is the designed behavior for credential retrieval. Not a security flaw but expected functionality.

Risikofaktoren

⚙️ Externe Befehle (1)
scripts/find_credential.py:30-31
📁 Dateisystemzugriff (1)
scripts/find_credential.py:57-87

Audit-Version 3

Niedriges Risiko

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2
Gescannte Dateien
252
Analysierte Zeilen
4
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
scripts/find_credential.py:112-116scripts/find_credential.py:128
Credentials output via stdout
The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

Risikofaktoren

⚡ Enthält Skripte (1)
scripts/find_credential.py:1-146
⚙️ Externe Befehle (3)
scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81
📁 Dateisystemzugriff (2)
scripts/find_credential.py:57-77 scripts/find_credential.py:80-87

Audit-Version 2

Niedriges Risiko

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2
Gescannte Dateien
252
Analysierte Zeilen
4
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
scripts/find_credential.py:112-116scripts/find_credential.py:128
Credentials output via stdout
The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

Risikofaktoren

⚡ Enthält Skripte (1)
scripts/find_credential.py:1-146
⚙️ Externe Befehle (3)
scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81
📁 Dateisystemzugriff (2)
scripts/find_credential.py:57-77 scripts/find_credential.py:80-87

Audit-Version 1

Niedriges Risiko

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2
Gescannte Dateien
252
Analysierte Zeilen
4
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
scripts/find_credential.py:112-116scripts/find_credential.py:128
Credentials output via stdout
The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

Risikofaktoren

⚡ Enthält Skripte (1)
scripts/find_credential.py:1-146
⚙️ Externe Befehle (3)
scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81
📁 Dateisystemzugriff (2)
scripts/find_credential.py:57-77 scripts/find_credential.py:80-87
← Zurück zum Skill