Historial de auditorías - dev-servers

Versión de auditoría 6

Más reciente Seguro

Jan 21, 2026, 04:11 PM

All static findings evaluated as false positives. The skill is a legitimate developer utility for starting local development servers. The 'weak cryptographic algorithm' patterns are false matches on 'uvicorn' text. 'Backtick execution' patterns are markdown code formatting in documentation. Hardcoded URLs are standard localhost addresses. Environment variable access is for configuration validation with explicit guardrails against key exposure.

2

Archivos escaneados

486

Líneas analizadas

3

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

📁 Acceso al sistema de archivos (1)

SKILL.md:11-12

⚙️ Comandos externos (2)

SKILL.md:15-16 SKILL.md:19-20

🔑 Variables de entorno (2)

SKILL.md:22 SKILL.md:30

Versión de auditoría 5

Riesgo medio

Jan 16, 2026, 03:33 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Archivos escaneados

258

Líneas analizadas

4

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (5)

skill-report.json:6 skill-report.json:174 skill-report.json:175 SKILL.md:19 SKILL.md:20

📁 Acceso al sistema de archivos (3)

skill-report.json:6 skill-report.json:83 skill-report.json:173

🔑 Variables de entorno (4)

skill-report.json:72 skill-report.json:205 SKILL.md:22 SKILL.md:30

⚙️ Comandos externos (9)

SKILL.md:11 SKILL.md:12 SKILL.md:15 SKILL.md:16 SKILL.md:19 SKILL.md:20 SKILL.md:22 SKILL.md:22 SKILL.md:22

Patrones detectados

Hardcoded URLHidden file accessGeneric API/secret keysEnvironment file accessWeak cryptographic algorithmRuby/shell backtick execution[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Versión de auditoría 4

Riesgo medio

Jan 16, 2026, 03:33 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Archivos escaneados

258

Líneas analizadas

4

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (5)

skill-report.json:6 skill-report.json:174 skill-report.json:175 SKILL.md:19 SKILL.md:20

📁 Acceso al sistema de archivos (3)

skill-report.json:6 skill-report.json:83 skill-report.json:173

🔑 Variables de entorno (4)

skill-report.json:72 skill-report.json:205 SKILL.md:22 SKILL.md:30

⚙️ Comandos externos (9)

SKILL.md:11 SKILL.md:12 SKILL.md:15 SKILL.md:16 SKILL.md:19 SKILL.md:20 SKILL.md:22 SKILL.md:22 SKILL.md:22

Patrones detectados

Hardcoded URLHidden file accessGeneric API/secret keysEnvironment file accessWeak cryptographic algorithmRuby/shell backtick execution[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Versión de auditoría 3

Riesgo bajo

Jan 10, 2026, 10:20 AM

Prompt-only skill with explicit command definitions and appropriate guardrails. Legitimate dev tool behavior matching stated purpose.

1

Archivos escaneados

33

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (2)

SKILL.md:14-20

External command execution via Bash tool

The skill provides instructions for the AI to execute shell commands including 'pip install', 'npm install', 'uvicorn', and 'npm run dev'. These are legitimate dev commands explicitly listed in the instructions. The skill includes guardrails to protect sensitive data (OPENAI_API_KEY).

SKILL.md:10-12

Filesystem access for dependency detection

The skill checks for backend/venv/, frontend/node_modules/, and backend/.env files. These checks are standard for dev environment setup and explicitly documented.

Factores de riesgo

⚙️ Comandos externos (1)

SKILL.md:14-20

📁 Acceso al sistema de archivos (1)

SKILL.md:10-12

Versión de auditoría 2

Riesgo bajo

Jan 10, 2026, 10:20 AM

Prompt-only skill with explicit command definitions and appropriate guardrails. Legitimate dev tool behavior matching stated purpose.

1

Archivos escaneados

33

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (2)

SKILL.md:14-20

External command execution via Bash tool

The skill provides instructions for the AI to execute shell commands including 'pip install', 'npm install', 'uvicorn', and 'npm run dev'. These are legitimate dev commands explicitly listed in the instructions. The skill includes guardrails to protect sensitive data (OPENAI_API_KEY).

SKILL.md:10-12

Filesystem access for dependency detection

The skill checks for backend/venv/, frontend/node_modules/, and backend/.env files. These checks are standard for dev environment setup and explicitly documented.

Factores de riesgo

⚙️ Comandos externos (1)

SKILL.md:14-20

📁 Acceso al sistema de archivos (1)

SKILL.md:10-12

Versión de auditoría 1

Riesgo bajo

Jan 10, 2026, 10:20 AM

Prompt-only skill with explicit command definitions and appropriate guardrails. Legitimate dev tool behavior matching stated purpose.

1

Archivos escaneados

33

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (2)

SKILL.md:14-20

External command execution via Bash tool

The skill provides instructions for the AI to execute shell commands including 'pip install', 'npm install', 'uvicorn', and 'npm run dev'. These are legitimate dev commands explicitly listed in the instructions. The skill includes guardrails to protect sensitive data (OPENAI_API_KEY).

SKILL.md:10-12

Filesystem access for dependency detection

The skill checks for backend/venv/, frontend/node_modules/, and backend/.env files. These checks are standard for dev environment setup and explicitly documented.

Factores de riesgo

⚙️ Comandos externos (1)

SKILL.md:14-20

📁 Acceso al sistema de archivos (1)

SKILL.md:10-12