
Audit history

writing-bots - 6 audits

Audit version 6

Most recent: Medium risk

Jun 28, 2026, 09:51 AM

Static analysis correctly identified network access, environment-variable guidance, and external command examples, but the weak cryptography and Ruby backtick alerts are false positives from Markdown prose. The skill has legitimate blockchain automation intent, but it can lead users to install a CLI, run bots, use API keys, and broadcast transactions, so publication should include a clear operational risk warning.

Files scanned: 1
Lines analyzed: 94
Findings: 9
Audited by: codex

Medium-risk issues (2)
External CLI Installation and Bot Execution
TRUE_POSITIVE: The skill instructs assistants to install Silverback with uv and run a bot using the Silverback CLI. This is legitimate for the skill purpose, but it can execute local project code and connect to blockchain networks.
Blockchain Transaction and External Service Automation
TRUE_POSITIVE: The skill describes bots that may send POST requests, use communication services, and sign or broadcast blockchain transactions. These actions are domain-appropriate but high-impact if generated code is not reviewed and tested.
Low-risk issues (4)
Documentation Network Fetch Is Legitimate
TRUE_POSITIVE: The skill tells assistants to fetch current Silverback documentation from ApeWorX URLs. This is a network dependency, but it targets public vendor documentation and supports accurate code generation.
Environment Variable Access for Runtime Configuration
TRUE_POSITIVE: The skill suggests operational modes and limits based on environment variables such as API keys. This is common configuration practice, but generated bots must avoid logging or transmitting secret values.
False Positive: Weak Cryptography Alerts
FALSE_POSITIVE: The static weak-cryptography findings point to prose, URLs, and metadata, not cryptographic algorithms or insecure crypto APIs. No evidence found of MD5, SHA-1, DES, RC4, or related weak cryptographic use.
False Positive: Markdown Backtick Execution Matches
FALSE_POSITIVE: Most Ruby backtick execution alerts are Markdown inline code or fenced code formatting, not Ruby code. The actual shell commands are documented separately as an operational medium-risk finding.

Risk factors

⚙️ External commands (3)
🌐 Network access (2)
🔑 Environment variables (1)

Detected patterns

Network Documentation Fetch
Command-Line Installation and Execution
Secret-Adjacent Environment Variables

Audit version 5

Safe

Jan 16, 2026, 03:22 PM

This skill is a pure markdown prompt file providing guidance for designing blockchain bots using the Silverback SDK. All static findings are false positives. The scanner misidentified standard blockchain terminology (keccak256, sha256, mainnet) as cryptographic weaknesses, CLI documentation as command injection, and documentation URLs as network exfiltration. The skill contains no executable code and advises best practices including using environment variables and circuit breakers for safety.

Files scanned: 2
Lines analyzed: 94
Findings: 3
Audited by: claude

No security issues found

Audit version 4

Safe

Jan 16, 2026, 03:22 PM

This skill is a pure markdown prompt file providing guidance for designing blockchain bots using the Silverback SDK. All static findings are false positives. The scanner misidentified standard blockchain terminology (keccak256, sha256, mainnet) as cryptographic weaknesses, CLI documentation as command injection, and documentation URLs as network exfiltration. The skill contains no executable code and advises best practices including using environment variables and circuit breakers for safety.

Files scanned: 2
Lines analyzed: 94
Findings: 3
Audited by: claude

No security issues found

Audit version 3

Safe

Jan 10, 2026, 10:20 AM

This skill is a pure markdown prompt file providing guidance to AI assistants. It contains no executable code, scripts, or direct system access capabilities. The skill only offers instructions for designing blockchain bots using the Silverback SDK framework.

Files scanned: 1
Lines analyzed: 94
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:20 AM

This skill is a pure markdown prompt file providing guidance to AI assistants. It contains no executable code, scripts, or direct system access capabilities. The skill only offers instructions for designing blockchain bots using the Silverback SDK framework.

Files scanned: 1
Lines analyzed: 94
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:20 AM

This skill is a pure markdown prompt file providing guidance to AI assistants. It contains no executable code, scripts, or direct system access capabilities. The skill only offers instructions for designing blockchain bots using the Silverback SDK framework.

Files scanned: 1
Lines analyzed: 94
Findings: 0
Audited by: claude

No security issues found