
Audit history

repo-metadata - 6 audits

Audit version 6

Latest: Low risk

Jun 28, 2026, 11:53 AM

Static analysis reported many high-severity weak-cryptography and command-execution patterns, but review found they are false positives in YAML examples, schema documentation, and Markdown code fences. The executable Python script performs intended local repository scanning and metadata generation without subprocess execution or outbound network requests. No prompt injection attempt or malicious intent was found.

Files scanned: 7
Lines analyzed: 1,119
Findings: 6
Audited by: codex
Low-risk issues (4)
Recursive Local Repository Scanning
The generator accepts a repository path and recursively reads matching source and metadata files to infer service catalog fields. This is expected behavior for the skill, but users should run it only on repositories they are allowed to inspect because local file contents influence the generated output.
Static Weak-Cryptography Detections Are False Positives
The reported weak-cryptography hits occur in catalog metadata examples and schema reference text. They describe component fields such as APIs, events, schemas, and services, not cryptographic algorithms or security-sensitive hashing.
Static Command-Execution Detections Are False Positives
The reported Ruby or shell backtick matches are Markdown inline-code and fenced-code formatting that describe commands or schema fields. The Python script imports subprocess but does not call subprocess, and no reviewed file executes shell commands.
Static Network Detections Are False Positives
The network pattern is a regular expression used to detect HTTP client libraries in the target repository. It is not an HTTP request made by the skill itself.

Audit version 5

Safe

Jan 16, 2026, 05:04 PM

All 212 static findings are false positives. The static analyzer misidentifies YAML schema type values (like 'service', 'gateway', 'kafka') as weak cryptographic algorithms and misinterprets markdown backtick formatting as shell command execution. This skill is a legitimate documentation generator that reads local repository files and outputs YAML metadata without network access, credential handling, or code execution beyond Python subprocess calls for git status.

Files scanned: 8
Lines analyzed: 1,385
Findings: 2
Audited by: claude
No security issues found

Risk factors

Audit version 4

Safe

Jan 16, 2026, 05:04 PM

All 212 static findings are false positives. The static analyzer misidentifies YAML schema type values (like 'service', 'gateway', 'kafka') as weak cryptographic algorithms and misinterprets markdown backtick formatting as shell command execution. This skill is a legitimate documentation generator that reads local repository files and outputs YAML metadata without network access, credential handling, or code execution beyond Python subprocess calls for git status.

Files scanned: 8
Lines analyzed: 1,385
Findings: 2
Audited by: claude
No security issues found

Risk factors

Audit version 3

Safe

Jan 10, 2026, 10:37 AM

This is a legitimate documentation generation skill that analyzes repositories to generate service catalog metadata. The Python script reads local files, parses code patterns, and outputs YAML metadata. No network calls, no credential access, no data exfiltration. Standard filesystem operations for documentation purposes.

Files scanned: 7
Lines analyzed: 1,119
Findings: 2
Audited by: claude
No security issues found

Risk factors

Audit version 2

Safe

Jan 10, 2026, 10:37 AM

This is a legitimate documentation generation skill that analyzes repositories to generate service catalog metadata. The Python script reads local files, parses code patterns, and outputs YAML metadata. No network calls, no credential access, no data exfiltration. Standard filesystem operations for documentation purposes.

Files scanned: 7
Lines analyzed: 1,119
Findings: 2
Audited by: claude
No security issues found

Risk factors

Audit version 1

Safe

Jan 10, 2026, 10:37 AM

This is a legitimate documentation generation skill that analyzes repositories to generate service catalog metadata. The Python script reads local files, parses code patterns, and outputs YAML metadata. No network calls, no credential access, no data exfiltration. Standard filesystem operations for documentation purposes.

Files scanned: 7
Lines analyzed: 1,119
Findings: 2
Audited by: claude
No security issues found

Risk factors