
Audit history

allaymc-plugin-dev - 6 audits

Audit version 6

Latest · Low risk

Jun 28, 2026, 09:19 AM

Static analysis reported many high-risk patterns, but manual review found they come from LGPL license prose, Markdown code formatting, and legitimate git or Gradle workflow examples. No prompt injection, credential access, data exfiltration, obfuscated code, or malicious network behavior was found in LICENSE, README.md, or SKILL.md. The skill is low risk because it can guide users or agents to run standard development commands and read local reference paths.

Files scanned: 3
Lines analyzed: 647
Findings: 6
Audited by: codex

Low-risk issues (4)
Static License Text Matches Are False Positives
Verdict: FALSE_POSITIVE. The reported weak cryptography and reconnaissance hits in LICENSE are standard LGPL prose. The cited lines contain license language about software freedom, libraries, source copies, offers, and operating systems, not executable code or cryptographic APIs.
Markdown Backticks Flagged as Shell Execution
Verdict: FALSE_POSITIVE with a low operational caution. README.md and SKILL.md use Markdown backticks and fenced bash examples for installation, updates, and AllayGradle build tasks. These are transparent developer commands, not hidden Ruby backtick execution or command injection.
Path References Are Documentation, Not Traversal
Verdict: FALSE_POSITIVE with a low operational caution. README.md references installation directories, including a Codex skills path, and SKILL.md references template and API paths under references. The ellipsis in a Java source path is explanatory shorthand, not a traversal directive outside the project.
Skill Metadata Keyword Matches Are False Positives
Verdict: FALSE_POSITIVE. Static hits in SKILL.md around the description, Gradle metadata, lifecycle heading, and API mismatch troubleshooting are ordinary AllayMC plugin guidance. They do not show weak cryptography, network reconnaissance, or system reconnaissance intent.

Audit version 5

Safe

Jan 16, 2026, 03:04 PM

This is a prompt-only documentation skill containing guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. Static findings are false positives triggered by markdown documentation patterns (backticks in code blocks) and LGPL-2.1 license legal text. The skill reads reference materials via user-initialized git submodules.

Files scanned: 4
Lines analyzed: 858
Findings: 2
Audited by: claude
No security issues found

Audit version 4

Safe

Jan 16, 2026, 03:04 PM

This is a prompt-only documentation skill containing guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. Static findings are false positives triggered by markdown documentation patterns (backticks in code blocks) and LGPL-2.1 license legal text. The skill reads reference materials via user-initialized git submodules.

Files scanned: 4
Lines analyzed: 858
Findings: 2
Audited by: claude
No security issues found

Audit version 3

Safe

Jan 10, 2026, 10:15 AM

This is a prompt-only skill containing documentation and guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. References external git submodules that are initialized by the user.

Files scanned: 4
Lines analyzed: 653
Findings: 0
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:15 AM

This is a prompt-only skill containing documentation and guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. References external git submodules that are initialized by the user.

Files scanned: 4
Lines analyzed: 653
Findings: 0
Audited by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:15 AM

This is a prompt-only skill containing documentation and guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. References external git submodules that are initialized by the user.

Files scanned: 4
Lines analyzed: 653
Findings: 0
Audited by: claude
No security issues found