Audit history

vibe-security - 3 audits

Audit version 3

Latest · Safe

Jan 16, 2026, 12:28 PM

This is a legitimate defensive security scanner skill. All 263 static findings are FALSE POSITIVES. The detected patterns are vulnerability detection rules (CSV data files), example vulnerable/safe code pairs (fix templates), and analyzer code that detects security issues in user code. No malicious intent, data exfiltration, or unauthorized access patterns found. The skill helps developers identify and fix security vulnerabilities.

Files scanned: 20
Lines analyzed: 3,213
Findings: 5
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 16, 2026, 12:28 PM

This is a legitimate defensive security scanner skill. All 263 static findings are FALSE POSITIVES. The detected patterns are vulnerability detection rules (CSV data files), example vulnerable/safe code pairs (fix templates), and analyzer code that detects security issues in user code. No malicious intent, data exfiltration, or unauthorized access patterns found. The skill helps developers identify and fix security vulnerabilities.

Files scanned: 20
Lines analyzed: 3,213
Findings: 5
Audited by: claude
No security issues found

Audit version 1

Low risk

Jan 10, 2026, 08:44 AM

Legitimate security scanning tool with no malicious patterns. Contains Python scripts and filesystem access required for code analysis. Uses subprocess only for standard package manager audit tools (npm, pip-audit, cargo). All data processing is local with no exfiltration.

Files scanned: 9
Lines analyzed: 2,641
Findings: 4
Audited by: claude
Low-risk issues (1)
External subprocess execution for package scanning
The CVE integration module uses subprocess to invoke package manager audit tools: npm audit (lines 33-39), pip-audit (lines 72-77), and cargo audit (lines 148-154). These are legitimate security scanning operations but represent external command execution that requires trust.