Audit history

firebase-development-debug - 4 audits

Audit version 4

Latest - Medium risk

Jun 27, 2026, 03:28 PM

Static analysis found shell commands, localhost network access, and environment-file inspection guidance. Review confirms these are mostly legitimate Firebase debugging instructions, but reading .env files and killing processes creates elevated operational risk. No evidence found of malicious exfiltration, prompt injection, or hidden executable payloads.

Files scanned: 1
Lines analyzed: 183
Findings: 9
Audited by: codex

Medium-risk issues (2)
Shell and Process Management Commands in Debug Workflow
The skill recommends shell commands for port checks, process termination, Firebase emulator control, exports, and build checks. These commands are normal for Firebase debugging, but they can disrupt local services or change emulator state if run without review. Verdict: true positive for operational command risk, not evidence of malicious execution.
Sensitive Environment File Inspection Guidance
The skill tells the agent to read functions/.env and hosting/.env.local while diagnosing auth configuration. This is a legitimate troubleshooting step, but it may expose secrets in the AI context or logs. Verdict: true positive for sensitive file access risk.
Low-risk issues (3)
Localhost Network URL Flag Is Low Risk
The hardcoded URL points to 127.0.0.1 for the Firebase Emulator UI. This supports local debugging and does not indicate external communication. Verdict: false positive for external network risk.
Descriptive Text Triggered Heuristic False Positives
The weak cryptographic algorithm and system reconnaissance flags map to descriptive Firebase debugging text, not cryptographic calls or host reconnaissance code. Verdict: false positive for these blocker findings.
Reference Backticks Are Not Command Execution
Several static command findings point to backticked skill names and documentation paths. These references do not execute code by themselves. Verdict: false positive for Ruby or shell backtick execution on these lines.

Detected patterns

Command Guidance Combined With Secret File Reads

Audit version 3

Safe

Jan 16, 2026, 01:38 PM

This is a pure documentation skill containing only markdown guidance. Static scanner findings are all false positives - JSON metadata fields were misidentified as security threats, bash code blocks in documentation were flagged as execution risks, and localhost emulator URLs were detected as network issues. No executable code exists in this skill.

Files scanned: 2
Lines analyzed: 362
Findings: 3
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 16, 2026, 01:38 PM

This is a pure documentation skill containing only markdown guidance. Static scanner findings are all false positives - JSON metadata fields were misidentified as security threats, bash code blocks in documentation were flagged as execution risks, and localhost emulator URLs were detected as network issues. No executable code exists in this skill.

Files scanned: 2
Lines analyzed: 362
Findings: 3
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 09:20 AM

This is a pure documentation skill containing only markdown text and workflow guidance. No executable code, scripts, network calls, or file system access. The skill provides debugging instructions for Firebase development issues.

Files scanned: 1
Lines analyzed: 183
Findings: 0
Audited by: claude

No security issues found