Audit history

excel-formula-wizard - 2 Audits

Audit version 2

Latest · Low risk

Jul 1, 2026, 02:15 AM

Static analysis flagged weak cryptography at SKILL.md:4 and possible obfuscation at SKILL.md:1. Both are false positives: the file contains only metadata and plain usage text, with no code execution, network access, prompt injection, or secret handling evidence.

Files scanned: 1
Lines analyzed: 34
Review items: 0
False positives ignored: 2
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False Positive: Weak Cryptographic Algorithm
The static finding at SKILL.md:4 points to the description text, not cryptographic code. No weak algorithm use, hashing logic, or security-sensitive cryptography was found.
Line 4 is frontmatter description text about Excel formulas, VBA macros, and pivot tables. There is no executable code or cryptographic operation.
Low
False Positive: High File Entropy
The static entropy finding at SKILL.md:1 does not indicate obfuscation. The reviewed file is readable Markdown with short YAML frontmatter and Chinese text.
The complete file is human-readable Markdown and contains no encoded payloads, binary data, encrypted blocks, or suspicious long strings.
No security issues found
Reviewed by: codex

Audit version 1

Safe

May 21, 2026, 05:51 PM

Static analysis flagged two high-severity patterns that are both false positives. The 'weak cryptographic algorithm' alert at line 4 is a misidentification of the Chinese word '公式' (meaning 'formula') in the skill description. The 'high file entropy' alert at line 1 is caused by UTF-8 encoded Chinese text, which naturally produces higher byte-level entropy than ASCII. The skill contains only descriptive markdown with no executable code, network requests, or file system operations.

Files scanned: 1
Lines analyzed: 34
Review items: 2
False positives ignored: 0

Confirmed security concerns (2)

Low
Weak Cryptographic Algorithm - False Positive
Static analyzer flagged 'weak cryptographic algorithm' at line 4 of SKILL.md. This is a false positive caused by Chinese characters ('公式' meaning 'formula') in the description field. No cryptographic algorithms are present in the skill.
Line 4 contains only Chinese text describing an Excel formula tool. The term '公式' (formula) was misidentified as a cryptographic reference. Zero malicious intent.
Low
High File Entropy - False Positive
Static analyzer reported high file entropy (6.25 bits) suggesting possible binary or encrypted content. This is a false positive caused by UTF-8 encoded Chinese characters, which naturally produce higher byte-level entropy than ASCII text. The file is plain markdown.
The file contains Chinese text in UTF-8 encoding. Multi-byte CJK characters inherently raise byte entropy above ASCII levels. Content is fully human-readable markdown.
Reviewed by: claude