Habilidades api-design-framework Historial de auditorías
📦

Historial de auditorías

api-design-framework - 6 auditorías

Versión de auditoría 6

Más reciente Riesgo bajo

Jun 28, 2026, 10:33 AM

Static analysis reported many high-risk patterns, but review found they are documentation examples, API route snippets, schema fields, and placeholder service URLs. No executable scripts, command execution, credential exfiltration, prompt injection, or malicious intent were found. The remaining low risk is that example URLs and auth placeholders must be customized before production use.

4
Archivos escaneados
2,047
Líneas analizadas
4
hallazgos
codex
Auditado por
Problemas de riesgo bajo (3)
SKILL.md:59-100SKILL.md:298-314SKILL.md:459-535checklists/api-design-checklist.md:19-22checklists/api-design-checklist.md:61-63checklists/api-design-checklist.md:117
False Positive: Markdown API Examples Flagged as Shell Execution
Verdict: FALSE_POSITIVE. The static external command findings point to fenced markdown examples and inline API route examples, such as REST endpoints, GraphQL snippets, gRPC definitions, and checklist items. These files contain no executable scripts or command invocation instructions.
SKILL.md:296-314SKILL.md:599-618templates/openapi-template.yaml:200-212templates/openapi-template.yaml:444-525templates/asyncapi-template.yaml:493-502
False Positive: API Security Terms Flagged as Weak Cryptography
Verdict: FALSE_POSITIVE. The weak cryptography alerts map to API authentication, token, password hash, request ID, and schema examples. The content discusses API security patterns and does not implement cryptographic code.
templates/openapi-template.yaml:22-35templates/openapi-template.yaml:308-370templates/asyncapi-template.yaml:17-21templates/asyncapi-template.yaml:539-542SKILL.md:613-618
Placeholder Network URLs in Templates
Verdict: LOW_RISK_TRUE_POSITIVE. The OpenAPI and AsyncAPI templates include example URLs and hosts for support, servers, CDN assets, documentation, and webhooks. They are not active network calls, but users should replace placeholders before production use.

Factores de riesgo

🌐 Acceso a red (5)
templates/openapi-template.yaml:22-35 templates/openapi-template.yaml:308-370 templates/asyncapi-template.yaml:17-21 templates/asyncapi-template.yaml:539-542 SKILL.md:613-618

Versión de auditoría 5

Seguro

Jan 16, 2026, 04:19 PM

Pure documentation skill containing only Markdown guidance and YAML templates for API design. No executable code, no file system access beyond its own directory, no network calls, no code execution capabilities. All 300 static findings are false positives caused by the scanner misidentifying documentation patterns as security issues.

5
Archivos escaneados
2,260
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (97)
checklists/api-design-checklist.md:19 checklists/api-design-checklist.md:19 checklists/api-design-checklist.md:20 checklists/api-design-checklist.md:21 checklists/api-design-checklist.md:22 checklists/api-design-checklist.md:22 checklists/api-design-checklist.md:41 checklists/api-design-checklist.md:45 checklists/api-design-checklist.md:61 checklists/api-design-checklist.md:62 checklists/api-design-checklist.md:63 checklists/api-design-checklist.md:84 checklists/api-design-checklist.md:117 checklists/api-design-checklist.md:117 SKILL.md:59-67 SKILL.md:67-70 SKILL.md:70-77 SKILL.md:77-80 SKILL.md:80-88 SKILL.md:88-94 SKILL.md:94-95 SKILL.md:95-96 SKILL.md:96-97 SKILL.md:97-98 SKILL.md:98-99 SKILL.md:99-100 SKILL.md:100-108 SKILL.md:108-131 SKILL.md:131-140 SKILL.md:140-143 SKILL.md:143-156 SKILL.md:156-159 SKILL.md:159-183 SKILL.md:183-188 SKILL.md:188-199 SKILL.md:199-205 SKILL.md:205-218 SKILL.md:218-226 SKILL.md:226-229 SKILL.md:229-232 SKILL.md:232-236 SKILL.md:236-239 SKILL.md:239-242 SKILL.md:242-247 SKILL.md:247-253 SKILL.md:253-256 SKILL.md:256-262 SKILL.md:262-265 SKILL.md:265-270 SKILL.md:270-277 SKILL.md:277-294 SKILL.md:294-299 SKILL.md:299-302 SKILL.md:302-305 SKILL.md:305-308 SKILL.md:308-311 SKILL.md:311-314 SKILL.md:314-323 SKILL.md:323-330 SKILL.md:330-333 SKILL.md:333-355 SKILL.md:355-358 SKILL.md:358-379 SKILL.md:379-384 SKILL.md:384-396 SKILL.md:396-399 SKILL.md:399-419 SKILL.md:419-424 SKILL.md:424-433 SKILL.md:433-436 SKILL.md:436-451 SKILL.md:451-460 SKILL.md:460-535 SKILL.md:535-540 SKILL.md:540-550 SKILL.md:550-558 SKILL.md:558-571 SKILL.md:571-578 SKILL.md:578-583 SKILL.md:583-587 SKILL.md:587-597 SKILL.md:597-601 SKILL.md:601-604 SKILL.md:604-607 SKILL.md:607-611 SKILL.md:611-615 SKILL.md:615-624 SKILL.md:624-631 SKILL.md:631-634 SKILL.md:634-637 SKILL.md:637-640 SKILL.md:640-643 SKILL.md:643-646 SKILL.md:646-649 SKILL.md:649-652 SKILL.md:652-655 SKILL.md:655-658
🌐 Acceso a red (14)
SKILL.md:616 templates/asyncapi-template.yaml:80 templates/asyncapi-template.yaml:17 templates/asyncapi-template.yaml:21 templates/asyncapi-template.yaml:542 templates/openapi-template.yaml:22 templates/openapi-template.yaml:26 templates/openapi-template.yaml:28 templates/openapi-template.yaml:31 templates/openapi-template.yaml:33 templates/openapi-template.yaml:35 templates/openapi-template.yaml:308 templates/openapi-template.yaml:344 templates/openapi-template.yaml:370

Versión de auditoría 4

Seguro

Jan 16, 2026, 04:19 PM

Pure documentation skill containing only Markdown guidance and YAML templates for API design. No executable code, no file system access beyond its own directory, no network calls, no code execution capabilities. All 300 static findings are false positives caused by the scanner misidentifying documentation patterns as security issues.

5
Archivos escaneados
2,260
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (97)
checklists/api-design-checklist.md:19 checklists/api-design-checklist.md:19 checklists/api-design-checklist.md:20 checklists/api-design-checklist.md:21 checklists/api-design-checklist.md:22 checklists/api-design-checklist.md:22 checklists/api-design-checklist.md:41 checklists/api-design-checklist.md:45 checklists/api-design-checklist.md:61 checklists/api-design-checklist.md:62 checklists/api-design-checklist.md:63 checklists/api-design-checklist.md:84 checklists/api-design-checklist.md:117 checklists/api-design-checklist.md:117 SKILL.md:59-67 SKILL.md:67-70 SKILL.md:70-77 SKILL.md:77-80 SKILL.md:80-88 SKILL.md:88-94 SKILL.md:94-95 SKILL.md:95-96 SKILL.md:96-97 SKILL.md:97-98 SKILL.md:98-99 SKILL.md:99-100 SKILL.md:100-108 SKILL.md:108-131 SKILL.md:131-140 SKILL.md:140-143 SKILL.md:143-156 SKILL.md:156-159 SKILL.md:159-183 SKILL.md:183-188 SKILL.md:188-199 SKILL.md:199-205 SKILL.md:205-218 SKILL.md:218-226 SKILL.md:226-229 SKILL.md:229-232 SKILL.md:232-236 SKILL.md:236-239 SKILL.md:239-242 SKILL.md:242-247 SKILL.md:247-253 SKILL.md:253-256 SKILL.md:256-262 SKILL.md:262-265 SKILL.md:265-270 SKILL.md:270-277 SKILL.md:277-294 SKILL.md:294-299 SKILL.md:299-302 SKILL.md:302-305 SKILL.md:305-308 SKILL.md:308-311 SKILL.md:311-314 SKILL.md:314-323 SKILL.md:323-330 SKILL.md:330-333 SKILL.md:333-355 SKILL.md:355-358 SKILL.md:358-379 SKILL.md:379-384 SKILL.md:384-396 SKILL.md:396-399 SKILL.md:399-419 SKILL.md:419-424 SKILL.md:424-433 SKILL.md:433-436 SKILL.md:436-451 SKILL.md:451-460 SKILL.md:460-535 SKILL.md:535-540 SKILL.md:540-550 SKILL.md:550-558 SKILL.md:558-571 SKILL.md:571-578 SKILL.md:578-583 SKILL.md:583-587 SKILL.md:587-597 SKILL.md:597-601 SKILL.md:601-604 SKILL.md:604-607 SKILL.md:607-611 SKILL.md:611-615 SKILL.md:615-624 SKILL.md:624-631 SKILL.md:631-634 SKILL.md:634-637 SKILL.md:637-640 SKILL.md:640-643 SKILL.md:643-646 SKILL.md:646-649 SKILL.md:649-652 SKILL.md:652-655 SKILL.md:655-658
🌐 Acceso a red (14)
SKILL.md:616 templates/asyncapi-template.yaml:80 templates/asyncapi-template.yaml:17 templates/asyncapi-template.yaml:21 templates/asyncapi-template.yaml:542 templates/openapi-template.yaml:22 templates/openapi-template.yaml:26 templates/openapi-template.yaml:28 templates/openapi-template.yaml:31 templates/openapi-template.yaml:33 templates/openapi-template.yaml:35 templates/openapi-template.yaml:308 templates/openapi-template.yaml:344 templates/openapi-template.yaml:370

Versión de auditoría 3

Seguro

Jan 10, 2026, 10:27 AM

Pure documentation skill containing only Markdown guidance and YAML templates for API design. No executable code, no file system access beyond its own directory, no network calls, no code execution capabilities. This is a prompt-based knowledge module with zero attack surface.

4
Archivos escaneados
2,047
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Versión de auditoría 2

Seguro

Jan 10, 2026, 10:27 AM

Pure documentation skill containing only Markdown guidance and YAML templates for API design. No executable code, no file system access beyond its own directory, no network calls, no code execution capabilities. This is a prompt-based knowledge module with zero attack surface.

4
Archivos escaneados
2,047
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Versión de auditoría 1

Seguro

Jan 10, 2026, 10:27 AM

Pure documentation skill containing only Markdown guidance and YAML templates for API design. No executable code, no file system access beyond its own directory, no network calls, no code execution capabilities. This is a prompt-based knowledge module with zero attack surface.

4
Archivos escaneados
2,047
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
← Volver a Skill