Audit history

error-memory - 6 audits

Audit version 6

Latest · Low risk

Jun 28, 2026, 04:41 AM

The external command, weak cryptography, and reconnaissance findings are false positives from Markdown content in SKILL.md. The skill does instruct the assistant to append or create a local .claude/errors.md file, so it has low filesystem persistence risk.

Files scanned: 1
Lines analyzed: 60
Review items: 4
False positives ignored: 0

Confirmed security concerns (1)

Low
Static Blocker Findings Are False Positives
The weak cryptography finding at line 3 and reconnaissance finding at line 11 do not match the file content. Line 3 starts the YAML description, and line 11 says to document errors.
The referenced lines contain no cryptographic algorithm and no system reconnaissance command. The evidence supports dismissing both static blocker findings.
Capability review items (2)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Low
Local Error Log Persistence
The skill instructs the assistant to append to .claude/errors.md and create that file if missing. This is expected behavior, but it can persist project mistakes or user corrections in the workspace.
The file write behavior is explicitly documented in the process steps. No network transfer, secret harvesting, or hidden execution behavior is present.
Low
Static External Command Findings Are False Positives
The reported backtick locations are Markdown inline code labels and fenced example content. They do not execute Ruby, shell, or any external command.
The lines are plain Markdown in SKILL.md, including type labels and template examples. I found no executable script or command invocation.

Risk factors

📁 Filesystem access (2)
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 03:03 PM

This is a pure prompt-based skill containing only markdown documentation. No executable code, scripts, network calls, filesystem access, or external command execution exists. The 21 static findings are false positives caused by the analyzer misinterpreting markdown syntax (backticks for inline code, table syntax, YAML frontmatter) as code patterns. All 'weak cryptographic algorithm', 'external_commands', 'network', and 'system reconnaissance' detections are benign documentation text.

Files scanned: 2
Lines analyzed: 238
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 03:03 PM

This is a pure prompt-based skill containing only markdown documentation. No executable code, scripts, network calls, filesystem access, or external command execution exists. The 21 static findings are false positives caused by the analyzer misinterpreting markdown syntax (backticks for inline code, table syntax, YAML frontmatter) as code patterns. All 'weak cryptographic algorithm', 'external_commands', 'network', and 'system reconnaissance' detections are benign documentation text.

Files scanned: 2
Lines analyzed: 238
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:53 AM

This is a pure prompt-based skill containing only markdown documentation with behavioral guidelines. No executable code, scripts, network calls, filesystem access, environment variable access, or external command execution. The skill consists solely of instructions for error documentation.

Files scanned: 1
Lines analyzed: 60
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:53 AM

This is a pure prompt-based skill containing only markdown documentation with behavioral guidelines. No executable code, scripts, network calls, filesystem access, environment variable access, or external command execution. The skill consists solely of instructions for error documentation.

Files scanned: 1
Lines analyzed: 60
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:53 AM

This is a pure prompt-based skill containing only markdown documentation with behavioral guidelines. No executable code, scripts, network calls, filesystem access, environment variable access, or external command execution. The skill consists solely of instructions for error documentation.

Files scanned: 1
Lines analyzed: 60
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude