Audit-Verlauf - hypogenic

Audit-Version 6

Neueste Niedriges Risiko

Jan 21, 2026, 05:27 PM

This scientific hypothesis generation skill was scanned with 126 potential issues detected. After evaluation, all findings are false positives: environment variable references for API keys follow security best practices; hardcoded URLs are legitimate documentation links; shell command examples are user setup instructions; no actual cryptographic code or command-and-control patterns exist. The skill makes normal LLM API calls for hypothesis generation, which is expected functionality.

3

Gescannte Dateien

2,075

Analysierte Zeilen

2

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

🌐 Netzwerkzugriff (4)

SKILL.md:24 SKILL.md:544 SKILL.md:564 SKILL.md:603-604

⚙️ Externe Befehle (3)

SKILL.md:19-31 SKILL.md:123-125 SKILL.md:233-235

Audit-Version 5

Mittleres Risiko

Jan 17, 2026, 07:51 AM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

3

Gescannte Dateien

1,017

Analysierte Zeilen

3

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

🔑 Umgebungsvariablen (2)

references/config_template.yaml:17 references/config_template.yaml:17

🌐 Netzwerkzugriff (18)

skill-report.json:6 SKILL.md:24 SKILL.md:135 SKILL.md:138 SKILL.md:290 SKILL.md:316 SKILL.md:544 SKILL.md:556 SKILL.md:564 SKILL.md:565 SKILL.md:577 SKILL.md:585 SKILL.md:595 SKILL.md:603 SKILL.md:604 SKILL.md:606 SKILL.md:614 SKILL.md:617

⚙️ Externe Befehle (80)

SKILL.md:19-31 SKILL.md:31-35 SKILL.md:35-46 SKILL.md:46-123 SKILL.md:123-125 SKILL.md:125-133 SKILL.md:133-139 SKILL.md:139-146 SKILL.md:146-147 SKILL.md:147-148 SKILL.md:148-151 SKILL.md:151 SKILL.md:151-152 SKILL.md:152-155 SKILL.md:155-170 SKILL.md:170-174 SKILL.md:174-175 SKILL.md:175 SKILL.md:175-179 SKILL.md:179-191 SKILL.md:191 SKILL.md:191-196 SKILL.md:196-224 SKILL.md:224-226 SKILL.md:226-233 SKILL.md:233-235 SKILL.md:235-238 SKILL.md:238-241 SKILL.md:241-248 SKILL.md:248-256 SKILL.md:256-258 SKILL.md:258-269 SKILL.md:269-271 SKILL.md:271-286 SKILL.md:286-310 SKILL.md:310-314 SKILL.md:314-329 SKILL.md:329-333 SKILL.md:333-342 SKILL.md:342-346 SKILL.md:346-348 SKILL.md:348-360 SKILL.md:360-362 SKILL.md:362-372 SKILL.md:372-374 SKILL.md:374-376 SKILL.md:376-378 SKILL.md:378-380 SKILL.md:380-390 SKILL.md:390-392 SKILL.md:392-394 SKILL.md:394-406 SKILL.md:406-408 SKILL.md:408-430 SKILL.md:430-436 SKILL.md:436-439 SKILL.md:439-448 SKILL.md:448-449 SKILL.md:449-450 SKILL.md:450-452 SKILL.md:452 SKILL.md:452-460 SKILL.md:460 SKILL.md:460-466 SKILL.md:466-488 SKILL.md:488-493 SKILL.md:493-496 SKILL.md:496-502 SKILL.md:502-508 SKILL.md:508-514 SKILL.md:514-530 SKILL.md:530-548 SKILL.md:548-558 SKILL.md:558-569 SKILL.md:569-579 SKILL.md:579-589 SKILL.md:589-597 SKILL.md:597-612 SKILL.md:612-618 SKILL.md:618-632

Erkannte Muster

Generic API/secret keysWeak cryptographic algorithmHardcoded URLC2 keywordsRuby/shell backtick executionSystem reconnaissance[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access

Audit-Version 4

Mittleres Risiko

Jan 17, 2026, 07:51 AM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

3

Gescannte Dateien

1,017

Analysierte Zeilen

3

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

🔑 Umgebungsvariablen (2)

references/config_template.yaml:17 references/config_template.yaml:17

🌐 Netzwerkzugriff (18)

skill-report.json:6 SKILL.md:24 SKILL.md:135 SKILL.md:138 SKILL.md:290 SKILL.md:316 SKILL.md:544 SKILL.md:556 SKILL.md:564 SKILL.md:565 SKILL.md:577 SKILL.md:585 SKILL.md:595 SKILL.md:603 SKILL.md:604 SKILL.md:606 SKILL.md:614 SKILL.md:617

⚙️ Externe Befehle (80)

SKILL.md:19-31 SKILL.md:31-35 SKILL.md:35-46 SKILL.md:46-123 SKILL.md:123-125 SKILL.md:125-133 SKILL.md:133-139 SKILL.md:139-146 SKILL.md:146-147 SKILL.md:147-148 SKILL.md:148-151 SKILL.md:151 SKILL.md:151-152 SKILL.md:152-155 SKILL.md:155-170 SKILL.md:170-174 SKILL.md:174-175 SKILL.md:175 SKILL.md:175-179 SKILL.md:179-191 SKILL.md:191 SKILL.md:191-196 SKILL.md:196-224 SKILL.md:224-226 SKILL.md:226-233 SKILL.md:233-235 SKILL.md:235-238 SKILL.md:238-241 SKILL.md:241-248 SKILL.md:248-256 SKILL.md:256-258 SKILL.md:258-269 SKILL.md:269-271 SKILL.md:271-286 SKILL.md:286-310 SKILL.md:310-314 SKILL.md:314-329 SKILL.md:329-333 SKILL.md:333-342 SKILL.md:342-346 SKILL.md:346-348 SKILL.md:348-360 SKILL.md:360-362 SKILL.md:362-372 SKILL.md:372-374 SKILL.md:374-376 SKILL.md:376-378 SKILL.md:378-380 SKILL.md:380-390 SKILL.md:390-392 SKILL.md:392-394 SKILL.md:394-406 SKILL.md:406-408 SKILL.md:408-430 SKILL.md:430-436 SKILL.md:436-439 SKILL.md:439-448 SKILL.md:448-449 SKILL.md:449-450 SKILL.md:450-452 SKILL.md:452 SKILL.md:452-460 SKILL.md:460 SKILL.md:460-466 SKILL.md:466-488 SKILL.md:488-493 SKILL.md:493-496 SKILL.md:496-502 SKILL.md:502-508 SKILL.md:508-514 SKILL.md:514-530 SKILL.md:530-548 SKILL.md:548-558 SKILL.md:558-569 SKILL.md:569-579 SKILL.md:579-589 SKILL.md:589-597 SKILL.md:597-612 SKILL.md:612-618 SKILL.md:618-632

Erkannte Muster

Generic API/secret keysWeak cryptographic algorithmHardcoded URLC2 keywordsRuby/shell backtick executionSystem reconnaissance[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access

Audit-Version 3

Mittleres Risiko

Jan 12, 2026, 04:30 PM

The skill contains legitimate research tooling with some security considerations. External command execution is used for academic tools like GROBID PDF processing, not malicious purposes. API key access is standard for LLM integration. The 'C2 keywords' finding appears to be a false positive - the context is academic citations, not command & control infrastructure.

2

Gescannte Dateien

806

Analysierte Zeilen

5

befunde

claude

Auditiert von

Probleme mit mittlerem Risiko (1)

SKILL.md:233 SKILL.md:243

External command execution for GROBID PDF processing

External commands are used to set up and run GROBID for PDF literature processing. GROBID is a legitimate open-source academic tool for extracting structured information from scientific PDFs. The bash scripts in modules/ directory are used for academic research purposes, not for malicious activities.

Probleme mit niedrigem Risiko (1)

SKILL.md:24 SKILL.md:135

Hardcoded URLs to academic resources

The skill references hardcoded URLs pointing to legitimate academic resources including arXiv papers, GitHub repositories for the ChicagoHAI research group, and PyPI package distribution. These URLs are for accessing open-source research tools and datasets essential to the skill's functionality.

Risikofaktoren

🔑 Umgebungsvariablen (1)

references/config_template.yaml:17

⚙️ Externe Befehle (2)

SKILL.md:233 SKILL.md:243

🌐 Netzwerkzugriff (2)

SKILL.md:24 SKILL.md:135

Audit-Version 2

Mittleres Risiko

Jan 12, 2026, 04:30 PM

The skill contains legitimate research tooling with some security considerations. External command execution is used for academic tools like GROBID PDF processing, not malicious purposes. API key access is standard for LLM integration. The 'C2 keywords' finding appears to be a false positive - the context is academic citations, not command & control infrastructure.

2

Gescannte Dateien

806

Analysierte Zeilen

5

befunde

claude

Auditiert von

Probleme mit mittlerem Risiko (1)

SKILL.md:233 SKILL.md:243

External command execution for GROBID PDF processing

External commands are used to set up and run GROBID for PDF literature processing. GROBID is a legitimate open-source academic tool for extracting structured information from scientific PDFs. The bash scripts in modules/ directory are used for academic research purposes, not for malicious activities.

Probleme mit niedrigem Risiko (1)

SKILL.md:24 SKILL.md:135

Hardcoded URLs to academic resources

The skill references hardcoded URLs pointing to legitimate academic resources including arXiv papers, GitHub repositories for the ChicagoHAI research group, and PyPI package distribution. These URLs are for accessing open-source research tools and datasets essential to the skill's functionality.

Risikofaktoren

🔑 Umgebungsvariablen (1)

references/config_template.yaml:17

⚙️ Externe Befehle (2)

SKILL.md:233 SKILL.md:243

🌐 Netzwerkzugriff (2)

SKILL.md:24 SKILL.md:135

Audit-Version 1

Sicher

Jan 4, 2026, 04:39 PM

The skill files are pure documentation and configuration templates. No executable code exists in the skill directory. All described functionality (CLI commands, Python API, Redis caching) refers to an external hypogenic package that users install separately. The skill itself only provides guidance, templates, and usage instructions for Claude to help users work with this external package.

5

Gescannte Dateien

1,036

Analysierte Zeilen

1

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

🌐 Netzwerkzugriff (1)

references/config_template.yaml:15-19