
Audit history

binary-re-static-analysis - 5 audits

Audit version 5

Most recent · Medium risk

Jun 27, 2026, 04:06 PM

Static findings for external commands are mostly true positives as tool-invocation guidance, but they are not evidence of malicious code in the skill. The skill legitimately supports reverse engineering with radare2, Ghidra, QEMU, Docker, shell loops, and temporary project files; this creates elevated operational risk when analyzing untrusted binaries. No prompt injection, credential exfiltration, hidden network beaconing, or malicious intent was found in SKILL.md.

1 files scanned
407 lines analyzed
4 review items
2 false positives ignored

Confirmed security concerns (2)

Medium
External Analysis Tool Execution Guidance
The skill repeatedly instructs use of radare2, Ghidra headless, QEMU, Docker, shell loops, and comparison utilities. This is expected for binary reverse engineering, but agents following the guidance may run tools against attacker-supplied binaries and should require isolation and approval.
The command examples are visible throughout SKILL.md and are semantically central to the workflow. They are legitimate analysis commands, so the confidence is high for elevated operational risk but not for malicious intent.
Medium
Optional Native Execution of Untrusted Binary
The pre-analysis workflow includes native execution of a target binary after approval. The skill warns that approval is required, but native execution of unknown binaries can still compromise the analyst environment if isolation is not used.
Line 38 directly shows running the target binary, and nearby text frames it as approval-gated. The risk is clear, although the safety warning reduces concern about malicious author intent.
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
Filesystem Access Is Limited to Analysis Artifacts
The filesystem findings relate to checking a tool via standard streams and creating a temporary Ghidra project. These are normal local analysis actions and do not show unauthorized file harvesting or persistence.
The cited lines show ordinary local tool checks and temporary project setup. There is no evidence of sensitive file collection or writes outside expected analysis paths.
Low
Crypto and Network Terms Are Analysis Targets
The weak cryptography and network reconnaissance flags appear to come from the description and analysis patterns that tell users how to identify crypto and network behavior in binaries. No evidence found that the skill performs cryptography or scans networks itself.
The suspicious terms are used as reverse-engineering topics, not as executable network or crypto operations. The confidence is slightly below very high because the skill can help analyze potentially malicious network-capable binaries.

Risk factors

Patterns detected

Shell Command Examples for Binary Analysis
Temporary Ghidra Project Creation
Audited by: codex

Audit version 4

Safe

Jan 21, 2026, 03:34 PM

Static analysis tool for binary reverse engineering. All detected patterns are legitimate reverse engineering techniques using radare2 and Ghidra. External command execution is intentional and necessary for invoking analysis tools. No malicious patterns found.

2 files scanned
1,320 lines analyzed
2 review items
0 false positives ignored
Audited by: claude

Audit version 3

Medium risk · Audit incomplete

Jan 16, 2026, 12:42 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

2 files scanned
637 lines analyzed
3 review items
0 false positives ignored

Patterns detected

Weak cryptographic algorithm
Network reconnaissance
Ruby/shell backtick execution
Shell command substitution
Template literal with command substitution
Standard device file access
Temp directory access
Audited by: claude

Audit version 2

Medium risk · Audit incomplete

Jan 16, 2026, 12:42 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

2 files scanned
637 lines analyzed
3 review items
0 false positives ignored

Patterns detected

Weak cryptographic algorithm
Network reconnaissance
Ruby/shell backtick execution
Shell command substitution
Template literal with command substitution
Standard device file access
Temp directory access
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:05 AM

Pure prompt-based skill containing only documentation and methodology for static binary analysis. No executable code, no network access, no file writes. Contains only instructional content for using radare2 and Ghidra.

1 files scanned
407 lines analyzed
4 review items
0 false positives ignored

Risk factors

⚡ Contains scripts (1)
🌐 Network access (1)
📁 Filesystem access (1)
⚙️ External commands (1)
Audited by: claude