Habilidades synthese-multi-llm Historial de auditorías
📦

Historial de auditorías

synthese-multi-llm - 6 auditorías

Versión de auditoría 6

Más reciente Riesgo medio

Jun 28, 2026, 08:17 AM

Static analysis found many command, credential, network, filesystem, and hash patterns. Review confirms these are mostly intended multi-LLM orchestration features, not confirmed malicious behavior. The skill should publish with a medium-risk warning because it can send source text to model providers and persist audit data locally.

21
Archivos escaneados
8,591
Líneas analizadas
12
hallazgos
codex
Auditado por
Problemas de riesgo medio (4)
scripts/synthese.py:1299-1318
External model commands execute with user prompts
The main workflow runs fixed model CLIs and passes the prompt as an argument. This reduces shell injection risk, but it still executes external tools and shares document content with them.
scripts/backends/cli_backend.py:147-159
Configurable CLI backend can run configured commands
The generic CLI backend builds a command from configuration and executes it with the inherited environment. This is useful for custom LLM tools but risky with untrusted configuration.
wrappers/claude_wrapper.sh:20-42wrappers/ollama_wrapper.sh:18-40
Model wrappers send prompts to configured services
The Claude wrapper sends prompts to the Anthropic API with an API key header, and the Ollama wrapper sends prompts to a configured host. This is intended behavior but can expose sensitive source text.
scripts/synthese.py:2671-2717
Audit trails and exports persist synthesis data locally
The workflow writes session trails and Markdown output to local files. This supports traceability, but users must manage stored source excerpts and model responses.
Problemas de riesgo bajo (3)
scripts/synthese.py:658-668scripts/synthese.py:1782-1786
Weak-crypto scanner matches are non-security identifiers
Reviewed hash usage is for cache keys and short session identifiers, not password storage, signatures, or encryption. The static weak-crypto labels are false positives in this context.
scripts/sanitize.py:25-43scripts/sanitize.py:176-202
Shell metacharacter and hex findings are sanitizer data
The flagged backticks, command substitutions, and hex escapes appear inside input sanitization constants and cleanup logic. They are detection targets, not executed payloads.
references/configuration.md:10-12
Prompt injection indicators were not found
Searches for override, skip-review, and fake authority language found configuration terms only. No evidence found of instructions that try to override the audit process.

Factores de riesgo

⚙️ Comandos externos (4)
scripts/synthese.py:1229-1233 scripts/synthese.py:1317-1322 scripts/backends/cli_backend.py:147-159 wrappers/claude_wrapper.sh:37-40
🔑 Variables de entorno (4)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/anthropic_backend.py:314-320 wrappers/claude_wrapper.sh:22-24 wrappers/claude_wrapper.sh:40-42
🌐 Acceso a red (4)
wrappers/claude_wrapper.sh:20 wrappers/claude_wrapper.sh:39-46 wrappers/ollama_wrapper.sh:18-20 wrappers/ollama_wrapper.sh:39-45
📁 Acceso al sistema de archivos (3)
scripts/config.py:205-207 scripts/synthese.py:2671-2681 scripts/synthese.py:2700-2717
⚡ Contiene scripts (3)
scripts/synthese.py:1-24 scripts/backends/__init__.py:22-41 scripts/backends/cli_backend.py:1-18

Patrones detectados

Python subprocess executionAsync configurable subprocess executionAPI key environment accessNetwork requests from shell wrappers

Versión de auditoría 5

Riesgo bajo

Jan 16, 2026, 03:20 PM

This is a legitimate multi-LLM orchestration tool for text summarization. The static analyzer's 588 findings are overwhelmingly false positives. The 'weak cryptographic algorithm' findings are markdown documentation being misidentified. 'Shell backtick execution' findings are markdown code formatting. 'API/secret keys' findings are proper environment variable access patterns. The critical heuristics are triggered by legitimate subprocess execution for CLI model calls and API interactions with proper credential handling. No evidence of malicious intent, data exfiltration, or harmful patterns found.

22
Archivos escaneados
9,013
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (2)
scripts/synthese.py:1229-1242 scripts/synthese.py:1299-1320
🌐 Acceso a red (1)
scripts/synthese.py:836-848
📁 Acceso al sistema de archivos (1)
scripts/synthese.py:708-720
🔑 Variables de entorno (1)
scripts/backends/anthropic_backend.py:106-108

Versión de auditoría 4

Riesgo bajo

Jan 16, 2026, 03:20 PM

This is a legitimate multi-LLM orchestration tool for text summarization. The static analyzer's 588 findings are overwhelmingly false positives. The 'weak cryptographic algorithm' findings are markdown documentation being misidentified. 'Shell backtick execution' findings are markdown code formatting. 'API/secret keys' findings are proper environment variable access patterns. The critical heuristics are triggered by legitimate subprocess execution for CLI model calls and API interactions with proper credential handling. No evidence of malicious intent, data exfiltration, or harmful patterns found.

22
Archivos escaneados
9,013
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (2)
scripts/synthese.py:1229-1242 scripts/synthese.py:1299-1320
🌐 Acceso a red (1)
scripts/synthese.py:836-848
📁 Acceso al sistema de archivos (1)
scripts/synthese.py:708-720
🔑 Variables de entorno (1)
scripts/backends/anthropic_backend.py:106-108

Versión de auditoría 3

Riesgo bajo

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

14
Archivos escaneados
4,642
Líneas analizadas
7
hallazgos
claude
Auditado por
Problemas de riesgo bajo (2)
scripts/synthese.py:70
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
wrappers/claude_wrapper.sh:40-50
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

Factores de riesgo

⚡ Contiene scripts (3)
scripts/synthese.py:1-1500 scripts/config.py:1-534 scripts/retry.py:1-611
🌐 Acceso a red (3)
scripts/backends/anthropic_backend.py:1-321 wrappers/claude_wrapper.sh:20-50 wrappers/ollama_wrapper.sh:40-46
📁 Acceso al sistema de archivos (2)
scripts/config.py:175-177 scripts/synthese.py:634-724
🔑 Variables de entorno (2)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/cli_backend.py:151-152
⚙️ Comandos externos (2)
scripts/synthese.py:64-89 scripts/backends/cli_backend.py:127-224

Versión de auditoría 2

Riesgo bajo

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

14
Archivos escaneados
4,642
Líneas analizadas
7
hallazgos
claude
Auditado por
Problemas de riesgo bajo (2)
scripts/synthese.py:70
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
wrappers/claude_wrapper.sh:40-50
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

Factores de riesgo

⚡ Contiene scripts (3)
scripts/synthese.py:1-1500 scripts/config.py:1-534 scripts/retry.py:1-611
🌐 Acceso a red (3)
scripts/backends/anthropic_backend.py:1-321 wrappers/claude_wrapper.sh:20-50 wrappers/ollama_wrapper.sh:40-46
📁 Acceso al sistema de archivos (2)
scripts/config.py:175-177 scripts/synthese.py:634-724
🔑 Variables de entorno (2)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/cli_backend.py:151-152
⚙️ Comandos externos (2)
scripts/synthese.py:64-89 scripts/backends/cli_backend.py:127-224

Versión de auditoría 1

Riesgo bajo

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

14
Archivos escaneados
4,642
Líneas analizadas
7
hallazgos
claude
Auditado por
Problemas de riesgo bajo (2)
scripts/synthese.py:70
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
wrappers/claude_wrapper.sh:40-50
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

Factores de riesgo

⚡ Contiene scripts (3)
scripts/synthese.py:1-1500 scripts/config.py:1-534 scripts/retry.py:1-611
🌐 Acceso a red (3)
scripts/backends/anthropic_backend.py:1-321 wrappers/claude_wrapper.sh:20-50 wrappers/ollama_wrapper.sh:40-46
📁 Acceso al sistema de archivos (2)
scripts/config.py:175-177 scripts/synthese.py:634-724
🔑 Variables de entorno (2)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/cli_backend.py:151-152
⚙️ Comandos externos (2)
scripts/synthese.py:64-89 scripts/backends/cli_backend.py:127-224
← Volver a Skill