Audit-Verlauf - matchms

Audit-Version 4

Neueste Sicher

Jan 17, 2026, 06:24 AM

All 268 static findings are false positives. The analyzer incorrectly flagged markdown code blocks (backticks) as shell execution, InChIKey descriptions as cryptographic algorithms, scientific database URLs as network reconnaissance, and legitimate Python code examples as malicious patterns. Matchms is a legitimate open-source mass spectrometry library for metabolomics research.

6

Gescannte Dateien

2,173

Analysierte Zeilen

4

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚡ Enthält Skripte (2)

references/filtering.md:237-273 references/workflows.md:75-502

⚙️ Externe Befehle (3)

SKILL.md:21-197 references/importing_exporting.md:11-392 references/similarity.md:7-367

🌐 Netzwerkzugriff (3)

references/importing_exporting.md:407-416 references/similarity.md:380 references/workflows.md:645-647

📁 Dateisystemzugriff (1)

references/importing_exporting.md:323-344

Audit-Version 3

Sicher

Jan 17, 2026, 06:24 AM

All 268 static findings are false positives. The analyzer incorrectly flagged markdown code blocks (backticks) as shell execution, InChIKey descriptions as cryptographic algorithms, scientific database URLs as network reconnaissance, and legitimate Python code examples as malicious patterns. Matchms is a legitimate open-source mass spectrometry library for metabolomics research.

6

Gescannte Dateien

2,173

Analysierte Zeilen

4

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚡ Enthält Skripte (2)

references/filtering.md:237-273 references/workflows.md:75-502

⚙️ Externe Befehle (3)

SKILL.md:21-197 references/importing_exporting.md:11-392 references/similarity.md:7-367

🌐 Netzwerkzugriff (3)

references/importing_exporting.md:407-416 references/similarity.md:380 references/workflows.md:645-647

📁 Dateisystemzugriff (1)

references/importing_exporting.md:323-344

Audit-Version 2

Sicher

Jan 12, 2026, 05:08 PM

The static analyzer incorrectly flagged documentation code blocks as security issues. All findings are false positives - the 'weak cryptographic algorithm' and 'external commands' alerts stem from markdown documentation containing code examples and legitimate URLs to scientific resources. No actual security risks were found.

5

Gescannte Dateien

1,938

Analysierte Zeilen

3

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚡ Enthält Skripte (1)

references/filtering.md:237-273

⚙️ Externe Befehle (1)

references/importing_exporting.md:11-392

🌐 Netzwerkzugriff (1)

references/importing_exporting.md:407-416

Audit-Version 1

Sicher

Jan 4, 2026, 04:58 PM

Documentation-only skill containing markdown guides and code examples for the matchms Python library. No executable code, no credential access, no network exfiltration. Pure prompt-based guidance.

8

Gescannte Dateien

1,990

Analysierte Zeilen

0

befunde

claude

Auditiert von

Keine Sicherheitsprobleme gefunden