Habilidades vue Historial de auditorías
📦

Historial de auditorías

vue - 2 auditorías

Versión de auditoría 2

Más reciente Riesgo bajo

Jun 28, 2026, 09:59 AM

Static analysis reported many high and medium patterns, but review found documentation examples rather than executable skill code. Backticks, dynamic imports, fetch calls, and Vue terminology appear inside Markdown reference material and do not show command execution, exfiltration, prompt injection, or malicious intent. The skill is safe to publish with low residual risk from community-authored documentation snippets.

15
Archivos escaneados
2,937
Líneas analizadas
7
hallazgos
codex
Auditado por
Problemas de riesgo bajo (4)
GENERATION.md:3-4references/core-reactivity.md:12-15references/components-props.md:14-23
Markdown Backtick Alerts Are Documentation False Positives
The static Ruby or shell backtick detections point to Markdown inline code and fenced Vue examples. No executable Ruby, shell command, command substitution, or runtime invocation is present at the reviewed locations.
references/advanced-async-suspense.md:67-73
Dynamic Imports Are Local Vue Async Component Examples
The dynamic import detections document Vue async component loading from a local component path. They are not executed by the skill and do not import remote code or user-controlled module names.
references/advanced-async-suspense.md:16references/core-reactivity.md:238-263references/features-composables.md:72-74SKILL.md:7
Network Calls Are Example Fetches And Source Links
The network detections are local API fetch examples and links to official Vue documentation. They do not send secrets, contact suspicious hosts, or run as part of the skill itself.
SKILL.md:3references/core-reactivity.md:1-3references/components-props.md:107-112references/components-lifecycle.md:132-139
High-Severity Static Blockers Are Vue Terminology False Positives
The weak cryptography and reconnaissance alerts align with words in Vue documentation, such as ref, Error, Date, and debug hook names. The reviewed lines describe framework concepts rather than cryptographic code or system inspection.

Factores de riesgo

⚙️ Comandos externos (4)
GENERATION.md:3-4 SKILL.md:14 references/core-reactivity.md:12-15 references/components-props.md:14-23
⚡ Contiene scripts (1)
references/advanced-async-suspense.md:67-73
🌐 Acceso a red (4)
references/advanced-async-suspense.md:16 references/core-reactivity.md:238-263 references/features-composables.md:72-74 SKILL.md:7

Versión de auditoría 1

Seguro

Jan 30, 2026, 08:50 AM

Documentation-only skill containing Vue.js reference materials. All 493 flagged patterns are in markdown documentation files and represent code examples, not executable code. No actual security risks identified. Safe for publication.

15
Archivos escaneados
2,937
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo medio (1)
references/core-reactivity.md:12references/core-reactivity.md:239-263references/features-typescript.md:14-257SKILL.md:14-61
Documentation Pattern False Positives
All 'external_commands', 'scripts', and 'network' patterns are in markdown documentation files. These represent code examples in documentation, not executable code. The static scanner cannot distinguish documentation examples from actual code. No security risk exists.

Factores de riesgo

⚙️ Comandos externos (2)
GENERATION.md:3-4 SKILL.md:14-61
⚡ Contiene scripts (1)
references/advanced-async-suspense.md:68-73
🌐 Acceso a red (3)
SKILL.md:7 references/core-reactivity.md:239-288 references/features-typescript.md:249-273
← Volver a Skill