
Audit History

diffdock - 4 Audits

Audit Version 4

Latest: Safe

Jan 17, 2026, 06:46 AM

The static analysis flagged 295 potential issues, but ALL are FALSE POSITIVES. The scanner incorrectly identified scientific protein sequences (GFP containing 'SAM') as Windows SAM database references, scientific paper citations as weak cryptographic algorithms, standard Python loops as C2 beacon patterns, and markdown code block syntax as shell execution. This is a legitimate molecular docking research tool with no malicious intent or security vulnerabilities.

Files scanned: 10
Lines analyzed: 2,493
Findings: 4
Audited by: claude
No security issues found

Audit Version 3

Safe

Jan 17, 2026, 06:46 AM

The static analysis flagged 295 potential issues, but ALL are FALSE POSITIVES. The scanner incorrectly identified scientific protein sequences (GFP containing 'SAM') as Windows SAM database references, scientific paper citations as weak cryptographic algorithms, standard Python loops as C2 beacon patterns, and markdown code block syntax as shell execution. This is a legitimate molecular docking research tool with no malicious intent or security vulnerabilities.

Files scanned: 10
Lines analyzed: 2,493
Findings: 4
Audited by: claude
No security issues found

Audit Version 2

Safe

Jan 12, 2026, 04:19 PM

The static analysis flagged numerous false positives from documentation files containing bash command examples. No actual security vulnerabilities were found in the executable code. The skill is a legitimate scientific tool for molecular docking research.

Files scanned: 9
Lines analyzed: 2,188
Findings: 4
Audited by: claude
No security issues found

Audit Version 1

Low Risk

Jan 4, 2026, 05:11 PM

The skill includes local helper scripts that read and write user-specified files for validation and reporting. No network access, credential harvesting, or command execution was found. This is a legitimate scientific tool wrapper.

Files scanned: 11
Lines analyzed: 2,440
Findings: 3
Audited by: claude
Low-risk issues (1)
Reads and writes user-specified files
The scripts read local result files and write CSV summaries, for example `with open(confidence_file) as f:` and `with open(output_path, 'w', newline='') as f:`. This is expected for validation and reporting, but it means the skill can access any file path a user provides, which could expose sensitive data if misused.