Habilidades omakase-off Historial de auditorías
📦

Historial de auditorías

omakase-off - 5 auditorías

Versión de auditoría 5

Más reciente Riesgo medio

Jun 27, 2026, 03:43 PM

Static analysis flagged many external command and weak-crypto patterns, but most are false positives from Markdown backticks, dependency names, and ordinary workflow text. The confirmed risk is operational: the skill instructs agents to create worktrees, write plans, and force-delete loser branches during cleanup. No evidence found of malicious network use, credential access, obfuscation, or prompt injection aimed at bypassing audit rules.

2
Archivos escaneados
368
Líneas analizadas
6
Review items
0
False positives ignored

Confirmed security concerns (1)

Bajo
Weak Cryptography And Network Matches Lack Supporting Evidence
The static analyzer reported weak cryptography and network reconnaissance indicators, but the reviewed lines contain workflow prose, examples, or dependency references. No evidence found of cryptographic operations, HTTP calls, port scanning, or data exfiltration.
The cited locations do not contain cryptographic code or network code. Confidence is high because both scanned files are Markdown-only skill instructions.
Capability review items (3)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Medio
Destructive Git Cleanup Workflow
The skill workflow tells the agent to always clean up losing variants and provides git commands that remove worktrees and force-delete branches. This is legitimate for variant exploration, but it can delete user work if branches or worktrees contain unmerged changes and the agent proceeds without clear confirmation.
The cleanup behavior is explicitly documented, including force branch deletion with git branch -D. The intent is workflow cleanup rather than malware, so the risk is moderate operational data loss rather than confirmed malicious behavior.
Medio
Broad Filesystem Modification Workflow
The skill directs agents to create plans, variant directories, worktrees, and result files as part of implementation exploration. These writes are expected for the workflow, but they expand the change surface and require repository isolation and review.
The file and worktree paths are clearly specified in the skill documentation. The behavior is consistent with a development workflow, but it has meaningful impact on the repository filesystem.
Bajo
Static Command Findings Are Mostly Markdown References
Most external command detections occur on backticked skill names, file paths, example labels, or prose in Markdown. These are not executable scripts and do not create command injection by themselves.
The flagged content is documentation text and table entries, not runnable code. The only concrete shell commands found are git workflow commands documented for worktree setup and cleanup.

Patrones detectados

Force Branch Deletion Command
Auditado por: codex

Versión de auditoría 4

Seguro

Jan 21, 2026, 03:51 PM

All static findings are false positives. External command patterns in documentation are example git commands. High-risk crypto and C2 patterns are regex false positives triggered by benign words. This is a legitimate workflow orchestration skill.

3
Archivos escaneados
1,345
Líneas analizadas
1
Review items
0
False positives ignored

Factores de riesgo

Auditado por: claude

Versión de auditoría 3

Riesgo medio Audit incomplete

Jan 16, 2026, 01:56 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

3
Archivos escaneados
553
Líneas analizadas
3
Review items
0
False positives ignored

Factores de riesgo

⚙️ Comandos externos (69)
references/detailed-workflow.md:9 references/detailed-workflow.md:9 references/detailed-workflow.md:10 references/detailed-workflow.md:10 references/detailed-workflow.md:11 references/detailed-workflow.md:11 references/detailed-workflow.md:11 references/detailed-workflow.md:12 references/detailed-workflow.md:12 references/detailed-workflow.md:13 references/detailed-workflow.md:13 references/detailed-workflow.md:14 references/detailed-workflow.md:14 references/detailed-workflow.md:15 references/detailed-workflow.md:15 references/detailed-workflow.md:15 references/detailed-workflow.md:16 references/detailed-workflow.md:16 references/detailed-workflow.md:17 references/detailed-workflow.md:17 references/detailed-workflow.md:18 references/detailed-workflow.md:18 references/detailed-workflow.md:19 references/detailed-workflow.md:19 references/detailed-workflow.md:20 references/detailed-workflow.md:20 references/detailed-workflow.md:29-35 references/detailed-workflow.md:35-68 references/detailed-workflow.md:68-72 references/detailed-workflow.md:72-80 references/detailed-workflow.md:80-88 references/detailed-workflow.md:88-101 references/detailed-workflow.md:101-104 references/detailed-workflow.md:104-113 references/detailed-workflow.md:113-118 references/detailed-workflow.md:118-119 references/detailed-workflow.md:119-124 references/detailed-workflow.md:124-129 references/detailed-workflow.md:129-133 references/detailed-workflow.md:133-134 references/detailed-workflow.md:134-135 references/detailed-workflow.md:135-141 references/detailed-workflow.md:141-146 references/detailed-workflow.md:146-159 references/detailed-workflow.md:159-163 references/detailed-workflow.md:163-172 references/detailed-workflow.md:172-186 references/detailed-workflow.md:186-192 references/detailed-workflow.md:192-195 references/detailed-workflow.md:195-198 references/detailed-workflow.md:198-213 references/detailed-workflow.md:213-223 SKILL.md:11 SKILL.md:12 SKILL.md:23-29 SKILL.md:29-38 SKILL.md:38-42 SKILL.md:42-61 SKILL.md:61-65 SKILL.md:65-75 SKILL.md:75-105 SKILL.md:105-106 SKILL.md:106-107 SKILL.md:107-108 SKILL.md:108-109 SKILL.md:109-110 SKILL.md:110-111 SKILL.md:111-115 SKILL.md:115-139
🌐 Acceso a red (1)

Patrones detectados

Ruby/shell backtick executionWeak cryptographic algorithmNetwork reconnaissancePython HTTP libraries
Auditado por: claude

Versión de auditoría 2

Riesgo medio Audit incomplete

Jan 16, 2026, 01:56 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

3
Archivos escaneados
553
Líneas analizadas
3
Review items
0
False positives ignored

Factores de riesgo

⚙️ Comandos externos (69)
references/detailed-workflow.md:9 references/detailed-workflow.md:9 references/detailed-workflow.md:10 references/detailed-workflow.md:10 references/detailed-workflow.md:11 references/detailed-workflow.md:11 references/detailed-workflow.md:11 references/detailed-workflow.md:12 references/detailed-workflow.md:12 references/detailed-workflow.md:13 references/detailed-workflow.md:13 references/detailed-workflow.md:14 references/detailed-workflow.md:14 references/detailed-workflow.md:15 references/detailed-workflow.md:15 references/detailed-workflow.md:15 references/detailed-workflow.md:16 references/detailed-workflow.md:16 references/detailed-workflow.md:17 references/detailed-workflow.md:17 references/detailed-workflow.md:18 references/detailed-workflow.md:18 references/detailed-workflow.md:19 references/detailed-workflow.md:19 references/detailed-workflow.md:20 references/detailed-workflow.md:20 references/detailed-workflow.md:29-35 references/detailed-workflow.md:35-68 references/detailed-workflow.md:68-72 references/detailed-workflow.md:72-80 references/detailed-workflow.md:80-88 references/detailed-workflow.md:88-101 references/detailed-workflow.md:101-104 references/detailed-workflow.md:104-113 references/detailed-workflow.md:113-118 references/detailed-workflow.md:118-119 references/detailed-workflow.md:119-124 references/detailed-workflow.md:124-129 references/detailed-workflow.md:129-133 references/detailed-workflow.md:133-134 references/detailed-workflow.md:134-135 references/detailed-workflow.md:135-141 references/detailed-workflow.md:141-146 references/detailed-workflow.md:146-159 references/detailed-workflow.md:159-163 references/detailed-workflow.md:163-172 references/detailed-workflow.md:172-186 references/detailed-workflow.md:186-192 references/detailed-workflow.md:192-195 references/detailed-workflow.md:195-198 references/detailed-workflow.md:198-213 references/detailed-workflow.md:213-223 SKILL.md:11 SKILL.md:12 SKILL.md:23-29 SKILL.md:29-38 SKILL.md:38-42 SKILL.md:42-61 SKILL.md:61-65 SKILL.md:65-75 SKILL.md:75-105 SKILL.md:105-106 SKILL.md:106-107 SKILL.md:107-108 SKILL.md:108-109 SKILL.md:109-110 SKILL.md:110-111 SKILL.md:111-115 SKILL.md:115-139
🌐 Acceso a red (1)

Patrones detectados

Ruby/shell backtick executionWeak cryptographic algorithmNetwork reconnaissancePython HTTP libraries
Auditado por: claude

Versión de auditoría 1

Seguro

Jan 10, 2026, 09:31 AM

Pure prompt-based orchestrator skill with no executable code. Contains only markdown workflow instructions for Claude. No scripts, network operations, filesystem access, or external command execution. Risk level is safe.

2
Archivos escaneados
368
Líneas analizadas
0
Review items
0
False positives ignored
No se encontraron problemas de seguridad
Auditado por: claude