Habilidades tech-stack-evaluator Historial de auditorías
📦

Historial de auditorías

tech-stack-evaluator - 4 auditorías

Versión de auditoría 4

Más reciente Riesgo bajo

Jun 28, 2026, 09:09 AM

The static analyzer reported a critical heuristic, but review found no command execution, network client usage, secret harvesting, obfuscation, or prompt injection attempt. Most high and medium matches are false positives from markdown examples, security terminology, URL parsing, and technology evaluation vocabulary. Residual risk is low because the skill contains Python scripts, checks one non-secret environment variable, and can write a report to a caller-provided filename.

15
Archivos escaneados
5,083
Líneas analizadas
8
hallazgos
codex
Auditado por
Problemas de riesgo bajo (5)
README.md:185-220HOW_TO_USE.md:168-174report_generator.py:38
Static Critical Heuristic Dismissed
The scanner combined markdown backticks, documentation URLs, and an API key placeholder into a critical heuristic. Review found no subprocess, eval, exec, network client, credential read, or exfiltration behavior in the Python modules.
security_assessor.py:15-20README.md:294-335SKILL.md:285-304
Security Terminology Misclassified as Dangerous Keywords
C2, weak cryptography, and certificate/key alerts are triggered by normal technology evaluation language such as compliance standards, encryption readiness, and scoring terms. No evidence found of malware control logic or cryptographic implementation.
SKILL.md:150-154HOW_TO_USE.md:9-12README.md:185-195
Markdown Command Blocks Misclassified as Shell Execution
External command alerts are caused by markdown fences and example prompts in documentation. These examples are not executable code paths and no Python shell execution APIs were found.
report_generator.py:34-46
Non-Secret Environment Context Check
report_generator.py reads CLAUDE_DESKTOP to choose desktop or CLI report formatting. This is environment access, but it does not read API keys, tokens, passwords, or other secrets.
report_generator.py:444-458
User-Directed Report File Write
The report export helper writes generated markdown to the filename supplied by the caller. This is expected functionality, but callers should avoid untrusted or sensitive output paths.

Factores de riesgo

⚡ Contiene scripts (3)
stack_comparator.py:1-10 security_assessor.py:1-10 report_generator.py:1-10
📁 Acceso al sistema de archivos (1)
report_generator.py:444-458
🔑 Variables de entorno (1)
report_generator.py:38

Versión de auditoría 3

Seguro

Jan 16, 2026, 02:58 PM

All 219 static findings are false positives. The scanner detected benign documentation patterns including security terminology, code block formatting, and technology names. No actual code execution, network requests, or credential access exists. Uses Python standard library only.

16
Archivos escaneados
5,387
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (3)
stack_comparator.py:1-50 security_assessor.py:1-50 format_detector.py:1-50
📁 Acceso al sistema de archivos (1)
report_generator.py:444-461
🔑 Variables de entorno (1)
report_generator.py:38

Versión de auditoría 2

Seguro

Jan 16, 2026, 02:58 PM

All 219 static findings are false positives. The scanner detected benign documentation patterns including security terminology, code block formatting, and technology names. No actual code execution, network requests, or credential access exists. Uses Python standard library only.

16
Archivos escaneados
5,387
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (3)
stack_comparator.py:1-50 security_assessor.py:1-50 format_detector.py:1-50
📁 Acceso al sistema de archivos (1)
report_generator.py:444-461
🔑 Variables de entorno (1)
report_generator.py:38

Versión de auditoría 1

Seguro

Jan 15, 2026, 12:01 PM

All 190 static findings are false positives. The skill is a legitimate technology evaluation tool. Flags were triggered by security/compliance documentation keywords, bash command examples in markdown, and URL references - not malicious code patterns.

14
Archivos escaneados
4,847
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

📁 Acceso al sistema de archivos (1)
report_generator.py:457
🔑 Variables de entorno (1)
report_generator.py:38
← Volver a Skill