Historial de auditorías

vueuse-functions - 2 auditorías

Versión de auditoría 2

Más reciente Riesgo medio

Jun 28, 2026, 10:12 AM

The static analyzer reported many severe patterns, but targeted review shows they are primarily Markdown references, inline code, URLs, and VueUse API examples rather than executable skill logic. No prompt injection or malicious intent was found. The skill is publishable with a medium warning because it can guide users toward network, browser storage, cookie, local file, media-device, and Electron IPC APIs.

267

Archivos escaneados

25,774

Líneas analizadas

hallazgos

codex

Auditado por

Problemas de riesgo medio (4)

SKILL.md:45-49 references/useStorage.md:8-10 references/useCookies.md:5-7

Privacy-sensitive browser storage guidance

The skill recommends VueUse helpers for LocalStorage, SessionStorage, and cookies. These APIs are legitimate, but generated code could persist sensitive user data if the assistant applies them without review.

SKILL.md:177-180 references/useFetch.md:7-8 references/computedAsync.md:57-59 references/useWebSocket.md:14

Outbound network composables require endpoint review

The skill includes automatic guidance for fetch, Axios, EventSource, and WebSocket composables. Generated implementations can send application data to external services if endpoints are not reviewed.

SKILL.md:89-90 SKILL.md:135-136 references/useFileSystemAccess.md:14-27 references/useUserMedia.md:17-18

Local file and media device APIs need user consent checks

The skill documents composables for local file access and media capture. These are browser-permission APIs, but generated features must preserve clear user consent and narrow file or device scope.

references/useIpcRenderer.md:15-20 references/useIpcRenderer.md:74-89

Electron IPC helpers can cross trust boundaries

The skill includes Electron ipcRenderer helpers. Generated Electron code should validate channels and payloads because renderer-to-main messages can reach privileged application logic.

Problemas de riesgo bajo (2)

SKILL.md:21-31 references/useAxios.md:11-13 SYNC.md:3-4

Static external command findings are Markdown false positives

The reported Ruby or shell backtick execution appears to come from Markdown code fences, inline code, and install examples. No executable script or dynamic command runner was found in the reviewed files.

references/onKeyStroke.md:5-7 references/useSortable.md:158-168 SKILL.md:110

Keyword-based critical findings are documentation false positives

Keylogger, C2, weak crypto, credential, and path traversal alerts map to API names, URL fragments, line anchors, or ordinary documentation. No evidence of malicious collection or control flow was found.

Factores de riesgo

🌐 Acceso a red (5)

SKILL.md:177-180 references/useFetch.md:7-8 references/useWebSocket.md:7-14 references/computedAsync.md:57-59 references/useAxios.md:7-13

📁 Acceso al sistema de archivos (3)

SKILL.md:89-90 references/useFileSystemAccess.md:7 references/useFileSystemAccess.md:14-27

Patrones detectados

Network request generation patternBrowser persistence patternLocal capability API pattern

Versión de auditoría 1

Seguro

Jan 30, 2026, 08:50 AM

All static findings are FALSE POSITIVES. The scanner misidentified TypeScript code examples in markdown documentation as shell commands and legitimate API documentation as credential access. This is a legitimate Vue.js development guide containing VueUse composable documentation. No malicious code, prompt injection attempts, or actual security risks detected. Safe for publication.

267

Archivos escaneados

25,774

Líneas analizadas

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (625)

⚙️ Comandos externos (3027)

📁 Acceso al sistema de archivos (10)

references/useBreakpoints.md:59 references/useExtractedObservable.md:23 references/useMediaQuery.md:35 references/useSSRWidth.md:7 references/useSSRWidth.md:7 references/watchExtractedObservable.md:20 references/watchExtractedObservable.md:42 references/watchExtractedObservable.md:69 SKILL.md:110 SKILL.md:110

← Volver a Skill