📦
Historial de auditorías
sragent - 6 auditorías
Versión de auditoría 6
Más reciente Riesgo medioJun 28, 2026, 10:25 AM
Static findings are mostly expected for a research workflow skill that runs the SRAgent CLI, queries public genomics services, and downloads papers. No prompt injection, credential exfiltration, or malicious intent was found, but troubleshooting guidance can expose API keys or .env contents and should be treated as a publication warning.
6
Archivos escaneados
2,011
Líneas analizadas
9
hallazgos
codex
Auditado por
Problemas de riesgo medio (3)
Troubleshooting Guidance Can Reveal Credentials
The skill includes commands that echo API key variables, grep environment variables containing API_KEY, and print .env contents. This is useful for setup debugging, but it can disclose secrets into chat logs or terminal output.
External CLI Execution With User-Supplied Research Inputs
The skill instructs the agent to run SRAgent through shell commands and bash_tool examples. This is central to the skill, but accession values and CSV paths should be validated before being placed in shell commands.
Network Downloads and Local File Writes Are Expected Behavior
The papers workflow retrieves publications from public sources and writes PDFs or enriched CSV files to output directories. This creates normal network and filesystem exposure for a publication-retrieval skill, not evidence of malicious exfiltration.
Problemas de riesgo bajo (2)
Static Sensitive-File and Crypto Matches Are False Positives
BioSample accession examples such as SAMN are biological identifiers, not Windows SAM database access. Old instrument names such as LS454 are sequencing platforms, not weak cryptographic algorithms.
Hidden Home Directory Access Is Installation Guidance
The ~/.claude/skills path is used to install the skill for Claude Code. It is not evidence of stealthy hidden-file access or unauthorized reading of user data.
Factores de riesgo
⚙️ Comandos externos (4)
🌐 Acceso a red (4)
📁 Acceso al sistema de archivos (4)
🔑 Variables de entorno (5)
Patrones detectados
Shell Command Invocation PatternSecret-Printing Troubleshooting Pattern
Versión de auditoría 5
SeguroJan 16, 2026, 04:16 PM
All 413 static findings are false positives. The skill consists only of markdown documentation files. No executable code exists in this skill. The static analyzer incorrectly flagged markdown code block delimiters, example environment variable placeholders, and NCBI field names as security issues.
7
Archivos escaneados
2,271
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
Factores de riesgo
⚙️ Comandos externos (281)
README.md:8-20 README.md:20-25 README.md:25-37 README.md:37-40 README.md:40-46 README.md:46-53 README.md:53-56 README.md:56-71 README.md:71-74 README.md:74-77 README.md:77-81 README.md:81-84 README.md:84-88 README.md:88-92 README.md:92-93 README.md:93-94 README.md:94-95 README.md:95-109 README.md:109-110 README.md:110-114 README.md:114-115 README.md:115-116 README.md:116-120 README.md:120-121 references/metadata-fields.md:10-16 references/metadata-fields.md:16-19 references/metadata-fields.md:19-24 references/metadata-fields.md:24-27 references/metadata-fields.md:27-33 references/metadata-fields.md:33-38 references/metadata-fields.md:38-48 references/metadata-fields.md:48-51 references/metadata-fields.md:51-60 references/metadata-fields.md:60-63 references/metadata-fields.md:63-74 references/metadata-fields.md:74-77 references/metadata-fields.md:77-85 references/metadata-fields.md:85-88 references/metadata-fields.md:88-96 references/metadata-fields.md:96-101 references/metadata-fields.md:101-109 references/metadata-fields.md:109-112 references/metadata-fields.md:112-130 references/metadata-fields.md:130-133 references/metadata-fields.md:133-140 references/metadata-fields.md:140-143 references/metadata-fields.md:143-149 references/metadata-fields.md:149-154 references/metadata-fields.md:154-167 references/metadata-fields.md:167-170 references/metadata-fields.md:170-182 references/metadata-fields.md:182-187 references/metadata-fields.md:187-198 references/metadata-fields.md:198-201 references/metadata-fields.md:201-213 references/metadata-fields.md:213-216 references/metadata-fields.md:216-221 references/metadata-fields.md:221-226 references/metadata-fields.md:226-235 references/metadata-fields.md:235-238 references/metadata-fields.md:238-243 references/metadata-fields.md:243-248 references/metadata-fields.md:248-256 references/metadata-fields.md:256-259 references/metadata-fields.md:259-269 references/metadata-fields.md:269-274 references/metadata-fields.md:274-289 references/metadata-fields.md:289-292 references/metadata-fields.md:292-305 references/metadata-fields.md:305-310 references/metadata-fields.md:310-316 references/metadata-fields.md:316-319 references/metadata-fields.md:319-331 references/metadata-fields.md:331-334 references/metadata-fields.md:334-345 references/metadata-fields.md:345-350 references/metadata-fields.md:350-390 references/metadata-fields.md:390-414 references/metadata-fields.md:414-416 references/metadata-fields.md:416-419 references/metadata-fields.md:419-426 references/metadata-fields.md:426-429 references/metadata-fields.md:429-431 references/metadata-fields.md:431-434 references/metadata-fields.md:434-440 references/metadata-fields.md:440-443 references/metadata-fields.md:443-445 references/metadata-fields.md:445-448 references/metadata-fields.md:448-454 references/metadata-fields.md:454-459 references/metadata-fields.md:459-465 references/metadata-fields.md:465-468 references/metadata-fields.md:468-469 references/metadata-fields.md:469-478 references/metadata-fields.md:478-483 references/quick-reference.md:6-15 references/quick-reference.md:15-18 references/quick-reference.md:18-27 references/quick-reference.md:27-30 references/quick-reference.md:30-39 references/quick-reference.md:39-42 references/quick-reference.md:42-51 references/quick-reference.md:51-55 references/quick-reference.md:55-71 references/quick-reference.md:71-77 references/quick-reference.md:77-78 references/quick-reference.md:78-79 references/quick-reference.md:79-80 references/quick-reference.md:80-81 references/quick-reference.md:81-82 references/quick-reference.md:82-83 references/quick-reference.md:83-88 references/quick-reference.md:88-99 references/quick-reference.md:99-102 references/quick-reference.md:102-106 references/quick-reference.md:106-109 references/quick-reference.md:109-115 references/quick-reference.md:115-118 references/quick-reference.md:118-125 references/quick-reference.md:125-130 references/quick-reference.md:130-138 references/quick-reference.md:138-141 references/quick-reference.md:141-152 references/quick-reference.md:152-164 references/quick-reference.md:164-175 references/quick-reference.md:175-178 references/quick-reference.md:178-183 references/quick-reference.md:183-188 references/quick-reference.md:188-191 references/quick-reference.md:191-195 references/quick-reference.md:195-198 references/quick-reference.md:198-201 references/quick-reference.md:201-206 references/quick-reference.md:206-213 references/quick-reference.md:213-216 references/quick-reference.md:216-223 references/quick-reference.md:223-226 references/quick-reference.md:226-233 references/quick-reference.md:233-236 references/quick-reference.md:236-244 references/quick-reference.md:244-248 references/quick-reference.md:248-260 references/quick-reference.md:260-265 references/quick-reference.md:265-279 references/quick-reference.md:279-282 references/quick-reference.md:282-297 references/quick-reference.md:297-303 references/quick-reference.md:303 references/quick-reference.md:303-304 references/quick-reference.md:304-305 references/quick-reference.md:305-323 references/quick-reference.md:323-335 references/quick-reference.md:335-339 references/quick-reference.md:339-354 references/usage-examples.md:8-10 references/usage-examples.md:10-13 references/usage-examples.md:13-22 references/usage-examples.md:22-33 references/usage-examples.md:33-35 references/usage-examples.md:35-38 references/usage-examples.md:38-42 references/usage-examples.md:42-53 references/usage-examples.md:53-55 references/usage-examples.md:55-58 references/usage-examples.md:58-63 references/usage-examples.md:63-74 references/usage-examples.md:74-77 references/usage-examples.md:77-80 references/usage-examples.md:80-87 references/usage-examples.md:87-101 references/usage-examples.md:101-107 references/usage-examples.md:107-110 references/usage-examples.md:110-112 references/usage-examples.md:112-115 references/usage-examples.md:115-126 references/usage-examples.md:126-129 references/usage-examples.md:129-132 references/usage-examples.md:132-145 references/usage-examples.md:145-147 references/usage-examples.md:147-150 references/usage-examples.md:150-153 references/usage-examples.md:153-169 references/usage-examples.md:169-172 references/usage-examples.md:172-175 references/usage-examples.md:175-184 references/usage-examples.md:184-196 references/usage-examples.md:196-210 references/usage-examples.md:210-222 references/usage-examples.md:222-230 references/usage-examples.md:230-245 references/usage-examples.md:245-258 references/usage-examples.md:258-273 references/usage-examples.md:273-274 references/usage-examples.md:274-275 references/usage-examples.md:275-284 references/usage-examples.md:284-287 references/usage-examples.md:287-290 references/usage-examples.md:290-292 references/usage-examples.md:292-295 references/usage-examples.md:295-299 references/usage-examples.md:299-302 references/usage-examples.md:302-304 SKILL.md:23-25 SKILL.md:25-29 SKILL.md:29-31 SKILL.md:31-42 SKILL.md:42-45 SKILL.md:45-47 SKILL.md:47-52 SKILL.md:52-54 SKILL.md:54-56 SKILL.md:56-58 SKILL.md:58-60 SKILL.md:60-62 SKILL.md:62-64 SKILL.md:64-66 SKILL.md:66-69 SKILL.md:69-73 SKILL.md:73-81 SKILL.md:81-87 SKILL.md:87-93 SKILL.md:93-140 SKILL.md:140-150 SKILL.md:150-159 SKILL.md:159-161 SKILL.md:161-177 SKILL.md:177-189 SKILL.md:189-191 SKILL.md:191-200 SKILL.md:200-201 SKILL.md:201 SKILL.md:201-202 SKILL.md:202-205 SKILL.md:205-220 SKILL.md:220-223 SKILL.md:223-229 SKILL.md:229-230 SKILL.md:230-231 SKILL.md:231-236 SKILL.md:236-245 SKILL.md:245-248 SKILL.md:248-257 SKILL.md:257-260 SKILL.md:260-276 SKILL.md:276-279 SKILL.md:279-288 SKILL.md:288-296 SKILL.md:296-314 SKILL.md:314-320 SKILL.md:320-337 SKILL.md:337-342 SKILL.md:342 SKILL.md:342-343 SKILL.md:343 SKILL.md:343-346 SKILL.md:346 SKILL.md:346-347 SKILL.md:347 SKILL.md:347-348 SKILL.md:348 SKILL.md:348-349 SKILL.md:349 SKILL.md:349-352 SKILL.md:352 SKILL.md:352-353 SKILL.md:353 SKILL.md:353-354 SKILL.md:354-357 SKILL.md:357-365 SKILL.md:365-399 SKILL.md:399-410 SKILL.md:410-414 SKILL.md:414-425 SKILL.md:425-430 SKILL.md:430-437 SKILL.md:437-440 SKILL.md:440-446 SKILL.md:446-468 SKILL.md:468-470 SKILL.md:470-472 SKILL.md:472-474
🌐 Acceso a red (13)
📁 Acceso al sistema de archivos (9)
🔑 Variables de entorno (27)
README.md:27 README.md:29 README.md:33 README.md:36 README.md:41 README.md:115 references/quick-reference.md:250 references/quick-reference.md:250 references/quick-reference.md:251 references/quick-reference.md:251 references/quick-reference.md:253 references/quick-reference.md:253 references/quick-reference.md:257 references/quick-reference.md:257 references/quick-reference.md:303 references/quick-reference.md:303 references/quick-reference.md:305 references/quick-reference.md:334 references/quick-reference.md:344 SKILL.md:66 SKILL.md:52 SKILL.md:54 SKILL.md:60 SKILL.md:62 SKILL.md:422 SKILL.md:442 SKILL.md:459
Versión de auditoría 4
SeguroJan 16, 2026, 04:16 PM
All 413 static findings are false positives. The skill consists only of markdown documentation files. No executable code exists in this skill. The static analyzer incorrectly flagged markdown code block delimiters, example environment variable placeholders, and NCBI field names as security issues.
7
Archivos escaneados
2,271
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
Factores de riesgo
⚙️ Comandos externos (281)
README.md:8-20 README.md:20-25 README.md:25-37 README.md:37-40 README.md:40-46 README.md:46-53 README.md:53-56 README.md:56-71 README.md:71-74 README.md:74-77 README.md:77-81 README.md:81-84 README.md:84-88 README.md:88-92 README.md:92-93 README.md:93-94 README.md:94-95 README.md:95-109 README.md:109-110 README.md:110-114 README.md:114-115 README.md:115-116 README.md:116-120 README.md:120-121 references/metadata-fields.md:10-16 references/metadata-fields.md:16-19 references/metadata-fields.md:19-24 references/metadata-fields.md:24-27 references/metadata-fields.md:27-33 references/metadata-fields.md:33-38 references/metadata-fields.md:38-48 references/metadata-fields.md:48-51 references/metadata-fields.md:51-60 references/metadata-fields.md:60-63 references/metadata-fields.md:63-74 references/metadata-fields.md:74-77 references/metadata-fields.md:77-85 references/metadata-fields.md:85-88 references/metadata-fields.md:88-96 references/metadata-fields.md:96-101 references/metadata-fields.md:101-109 references/metadata-fields.md:109-112 references/metadata-fields.md:112-130 references/metadata-fields.md:130-133 references/metadata-fields.md:133-140 references/metadata-fields.md:140-143 references/metadata-fields.md:143-149 references/metadata-fields.md:149-154 references/metadata-fields.md:154-167 references/metadata-fields.md:167-170 references/metadata-fields.md:170-182 references/metadata-fields.md:182-187 references/metadata-fields.md:187-198 references/metadata-fields.md:198-201 references/metadata-fields.md:201-213 references/metadata-fields.md:213-216 references/metadata-fields.md:216-221 references/metadata-fields.md:221-226 references/metadata-fields.md:226-235 references/metadata-fields.md:235-238 references/metadata-fields.md:238-243 references/metadata-fields.md:243-248 references/metadata-fields.md:248-256 references/metadata-fields.md:256-259 references/metadata-fields.md:259-269 references/metadata-fields.md:269-274 references/metadata-fields.md:274-289 references/metadata-fields.md:289-292 references/metadata-fields.md:292-305 references/metadata-fields.md:305-310 references/metadata-fields.md:310-316 references/metadata-fields.md:316-319 references/metadata-fields.md:319-331 references/metadata-fields.md:331-334 references/metadata-fields.md:334-345 references/metadata-fields.md:345-350 references/metadata-fields.md:350-390 references/metadata-fields.md:390-414 references/metadata-fields.md:414-416 references/metadata-fields.md:416-419 references/metadata-fields.md:419-426 references/metadata-fields.md:426-429 references/metadata-fields.md:429-431 references/metadata-fields.md:431-434 references/metadata-fields.md:434-440 references/metadata-fields.md:440-443 references/metadata-fields.md:443-445 references/metadata-fields.md:445-448 references/metadata-fields.md:448-454 references/metadata-fields.md:454-459 references/metadata-fields.md:459-465 references/metadata-fields.md:465-468 references/metadata-fields.md:468-469 references/metadata-fields.md:469-478 references/metadata-fields.md:478-483 references/quick-reference.md:6-15 references/quick-reference.md:15-18 references/quick-reference.md:18-27 references/quick-reference.md:27-30 references/quick-reference.md:30-39 references/quick-reference.md:39-42 references/quick-reference.md:42-51 references/quick-reference.md:51-55 references/quick-reference.md:55-71 references/quick-reference.md:71-77 references/quick-reference.md:77-78 references/quick-reference.md:78-79 references/quick-reference.md:79-80 references/quick-reference.md:80-81 references/quick-reference.md:81-82 references/quick-reference.md:82-83 references/quick-reference.md:83-88 references/quick-reference.md:88-99 references/quick-reference.md:99-102 references/quick-reference.md:102-106 references/quick-reference.md:106-109 references/quick-reference.md:109-115 references/quick-reference.md:115-118 references/quick-reference.md:118-125 references/quick-reference.md:125-130 references/quick-reference.md:130-138 references/quick-reference.md:138-141 references/quick-reference.md:141-152 references/quick-reference.md:152-164 references/quick-reference.md:164-175 references/quick-reference.md:175-178 references/quick-reference.md:178-183 references/quick-reference.md:183-188 references/quick-reference.md:188-191 references/quick-reference.md:191-195 references/quick-reference.md:195-198 references/quick-reference.md:198-201 references/quick-reference.md:201-206 references/quick-reference.md:206-213 references/quick-reference.md:213-216 references/quick-reference.md:216-223 references/quick-reference.md:223-226 references/quick-reference.md:226-233 references/quick-reference.md:233-236 references/quick-reference.md:236-244 references/quick-reference.md:244-248 references/quick-reference.md:248-260 references/quick-reference.md:260-265 references/quick-reference.md:265-279 references/quick-reference.md:279-282 references/quick-reference.md:282-297 references/quick-reference.md:297-303 references/quick-reference.md:303 references/quick-reference.md:303-304 references/quick-reference.md:304-305 references/quick-reference.md:305-323 references/quick-reference.md:323-335 references/quick-reference.md:335-339 references/quick-reference.md:339-354 references/usage-examples.md:8-10 references/usage-examples.md:10-13 references/usage-examples.md:13-22 references/usage-examples.md:22-33 references/usage-examples.md:33-35 references/usage-examples.md:35-38 references/usage-examples.md:38-42 references/usage-examples.md:42-53 references/usage-examples.md:53-55 references/usage-examples.md:55-58 references/usage-examples.md:58-63 references/usage-examples.md:63-74 references/usage-examples.md:74-77 references/usage-examples.md:77-80 references/usage-examples.md:80-87 references/usage-examples.md:87-101 references/usage-examples.md:101-107 references/usage-examples.md:107-110 references/usage-examples.md:110-112 references/usage-examples.md:112-115 references/usage-examples.md:115-126 references/usage-examples.md:126-129 references/usage-examples.md:129-132 references/usage-examples.md:132-145 references/usage-examples.md:145-147 references/usage-examples.md:147-150 references/usage-examples.md:150-153 references/usage-examples.md:153-169 references/usage-examples.md:169-172 references/usage-examples.md:172-175 references/usage-examples.md:175-184 references/usage-examples.md:184-196 references/usage-examples.md:196-210 references/usage-examples.md:210-222 references/usage-examples.md:222-230 references/usage-examples.md:230-245 references/usage-examples.md:245-258 references/usage-examples.md:258-273 references/usage-examples.md:273-274 references/usage-examples.md:274-275 references/usage-examples.md:275-284 references/usage-examples.md:284-287 references/usage-examples.md:287-290 references/usage-examples.md:290-292 references/usage-examples.md:292-295 references/usage-examples.md:295-299 references/usage-examples.md:299-302 references/usage-examples.md:302-304 SKILL.md:23-25 SKILL.md:25-29 SKILL.md:29-31 SKILL.md:31-42 SKILL.md:42-45 SKILL.md:45-47 SKILL.md:47-52 SKILL.md:52-54 SKILL.md:54-56 SKILL.md:56-58 SKILL.md:58-60 SKILL.md:60-62 SKILL.md:62-64 SKILL.md:64-66 SKILL.md:66-69 SKILL.md:69-73 SKILL.md:73-81 SKILL.md:81-87 SKILL.md:87-93 SKILL.md:93-140 SKILL.md:140-150 SKILL.md:150-159 SKILL.md:159-161 SKILL.md:161-177 SKILL.md:177-189 SKILL.md:189-191 SKILL.md:191-200 SKILL.md:200-201 SKILL.md:201 SKILL.md:201-202 SKILL.md:202-205 SKILL.md:205-220 SKILL.md:220-223 SKILL.md:223-229 SKILL.md:229-230 SKILL.md:230-231 SKILL.md:231-236 SKILL.md:236-245 SKILL.md:245-248 SKILL.md:248-257 SKILL.md:257-260 SKILL.md:260-276 SKILL.md:276-279 SKILL.md:279-288 SKILL.md:288-296 SKILL.md:296-314 SKILL.md:314-320 SKILL.md:320-337 SKILL.md:337-342 SKILL.md:342 SKILL.md:342-343 SKILL.md:343 SKILL.md:343-346 SKILL.md:346 SKILL.md:346-347 SKILL.md:347 SKILL.md:347-348 SKILL.md:348 SKILL.md:348-349 SKILL.md:349 SKILL.md:349-352 SKILL.md:352 SKILL.md:352-353 SKILL.md:353 SKILL.md:353-354 SKILL.md:354-357 SKILL.md:357-365 SKILL.md:365-399 SKILL.md:399-410 SKILL.md:410-414 SKILL.md:414-425 SKILL.md:425-430 SKILL.md:430-437 SKILL.md:437-440 SKILL.md:440-446 SKILL.md:446-468 SKILL.md:468-470 SKILL.md:470-472 SKILL.md:472-474
🌐 Acceso a red (13)
📁 Acceso al sistema de archivos (9)
🔑 Variables de entorno (27)
README.md:27 README.md:29 README.md:33 README.md:36 README.md:41 README.md:115 references/quick-reference.md:250 references/quick-reference.md:250 references/quick-reference.md:251 references/quick-reference.md:251 references/quick-reference.md:253 references/quick-reference.md:253 references/quick-reference.md:257 references/quick-reference.md:257 references/quick-reference.md:303 references/quick-reference.md:303 references/quick-reference.md:305 references/quick-reference.md:334 references/quick-reference.md:344 SKILL.md:66 SKILL.md:52 SKILL.md:54 SKILL.md:60 SKILL.md:62 SKILL.md:422 SKILL.md:442 SKILL.md:459
Versión de auditoría 3
Riesgo bajoJan 10, 2026, 10:21 AM
Pure documentation/prompt skill with no executable code. External command references are for legitimate bioinformatics tool (SRAgent). Network calls described are to established scientific APIs (NCBI, PubMed, Europe PMC). No obfuscation, no credential theft patterns, no suspicious destinations.
6
Archivos escaneados
2,011
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
External command execution via bash tool
Skill instructs Claude to execute SRAgent commands via bash. While SRAgent is a legitimate bioinformatics tool, the pattern `bash_tool(command="SRAgent ...")` at SKILL.md:298-313 enables arbitrary command execution. An attacker who compromised this skill could modify commands to run malicious payloads. Mitigation: This is standard behavior for Claude skills interfacing with CLI tools.
Factores de riesgo
⚙️ Comandos externos (2)
🌐 Acceso a red (1)
🔑 Variables de entorno (1)
Versión de auditoría 2
Riesgo bajoJan 10, 2026, 10:21 AM
Pure documentation/prompt skill with no executable code. External command references are for legitimate bioinformatics tool (SRAgent). Network calls described are to established scientific APIs (NCBI, PubMed, Europe PMC). No obfuscation, no credential theft patterns, no suspicious destinations.
6
Archivos escaneados
2,011
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
External command execution via bash tool
Skill instructs Claude to execute SRAgent commands via bash. While SRAgent is a legitimate bioinformatics tool, the pattern `bash_tool(command="SRAgent ...")` at SKILL.md:298-313 enables arbitrary command execution. An attacker who compromised this skill could modify commands to run malicious payloads. Mitigation: This is standard behavior for Claude skills interfacing with CLI tools.
Factores de riesgo
⚙️ Comandos externos (2)
🌐 Acceso a red (1)
🔑 Variables de entorno (1)
Versión de auditoría 1
Riesgo bajoJan 10, 2026, 10:21 AM
Pure documentation/prompt skill with no executable code. External command references are for legitimate bioinformatics tool (SRAgent). Network calls described are to established scientific APIs (NCBI, PubMed, Europe PMC). No obfuscation, no credential theft patterns, no suspicious destinations.
6
Archivos escaneados
2,011
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
External command execution via bash tool
Skill instructs Claude to execute SRAgent commands via bash. While SRAgent is a legitimate bioinformatics tool, the pattern `bash_tool(command="SRAgent ...")` at SKILL.md:298-313 enables arbitrary command execution. An attacker who compromised this skill could modify commands to run malicious payloads. Mitigation: This is standard behavior for Claude skills interfacing with CLI tools.