Habilidades copilot-mcp-server Historial de auditorías
📦

Historial de auditorías

copilot-mcp-server - 6 auditorías

Versión de auditoría 6

Más reciente Riesgo medio

Jun 28, 2026, 12:52 PM

The static Ruby/shell backtick, weak cryptography, and network reconnaissance findings are false positives from Markdown examples and ordinary descriptive text. The skill has legitimate elevated risk because it sends user prompts or code to GitHub Copilot MCP tools and documents broad delegated tool access with allowAllTools.

1
Archivos escaneados
217
Líneas analizadas
6
hallazgos
codex
Auditado por
Problemas de riesgo medio (2)
SKILL.md:21-27SKILL.md:211-214
External AI Service Data Exposure
The skill is designed to pass prompts, context, and code snippets to GitHub Copilot MCP tools. This is expected functionality, but users may disclose proprietary code or sensitive project context to an external service.
SKILL.md:21-27SKILL.md:143-149
Broad Delegated Tool Access Option
The skill documents an allowAllTools option and shows it enabled in an example. Enabling broad tool access can expand the actions available to the downstream Copilot agent beyond simple text analysis.
Problemas de riesgo bajo (2)
SKILL.md:21-28SKILL.md:33-38SKILL.md:43-48SKILL.md:53-59SKILL.md:64-69SKILL.md:74-79SKILL.md:84-89SKILL.md:96-98SKILL.md:103-107SKILL.md:144-150SKILL.md:153-161SKILL.md:164-170SKILL.md:173-184
False Positive: Markdown Tool Examples Detected as Shell Execution
The static analyzer marked JavaScript fenced examples and MCP tool names as Ruby or shell backtick execution. These are documentation snippets for MCP calls, not executable shell commands in the skill.
SKILL.md:3SKILL.md:19SKILL.md:86SKILL.md:114SKILL.md:211
False Positive: Weak Crypto and Reconnaissance Keywords
The static high-risk hits occur in descriptive text such as the front matter description, model guidance, and integration notes. No cryptographic function, hash algorithm, scanner, or reconnaissance command is present.

Factores de riesgo

🌐 Acceso a red (2)
SKILL.md:21-27 SKILL.md:211-214
⚙️ Comandos externos (2)
SKILL.md:21-27 SKILL.md:143-149

Patrones detectados

Documented Broad Tool Delegation

Versión de auditoría 5

Seguro

Jan 16, 2026, 06:23 PM

This is a documentation-only skill containing no executable code. The static findings are all false positives: model names and repository URLs were misidentified as cryptographic algorithms and C2 keywords; JavaScript code examples with parentheses were flagged as backtick execution; and documentation text was misinterpreted. This skill provides only markdown documentation and metadata about GitHub Copilot MCP server integration.

2
Archivos escaneados
394
Líneas analizadas
1
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (28)
SKILL.md:21-28 SKILL.md:28-33 SKILL.md:33-38 SKILL.md:38-43 SKILL.md:43-48 SKILL.md:48-53 SKILL.md:53-59 SKILL.md:59-64 SKILL.md:64-69 SKILL.md:69-74 SKILL.md:74-79 SKILL.md:79-84 SKILL.md:84-89 SKILL.md:89-96 SKILL.md:96-98 SKILL.md:98-103 SKILL.md:103-107 SKILL.md:107-144 SKILL.md:144-150 SKILL.md:150-153 SKILL.md:153-155 SKILL.md:156 SKILL.md:158-161 SKILL.md:161-164 SKILL.md:164-170 SKILL.md:170-173 SKILL.md:173-175 SKILL.md:181-184

Versión de auditoría 4

Seguro

Jan 16, 2026, 06:23 PM

This is a documentation-only skill containing no executable code. The static findings are all false positives: model names and repository URLs were misidentified as cryptographic algorithms and C2 keywords; JavaScript code examples with parentheses were flagged as backtick execution; and documentation text was misinterpreted. This skill provides only markdown documentation and metadata about GitHub Copilot MCP server integration.

2
Archivos escaneados
394
Líneas analizadas
1
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (28)
SKILL.md:21-28 SKILL.md:28-33 SKILL.md:33-38 SKILL.md:38-43 SKILL.md:43-48 SKILL.md:48-53 SKILL.md:53-59 SKILL.md:59-64 SKILL.md:64-69 SKILL.md:69-74 SKILL.md:74-79 SKILL.md:79-84 SKILL.md:84-89 SKILL.md:89-96 SKILL.md:96-98 SKILL.md:98-103 SKILL.md:103-107 SKILL.md:107-144 SKILL.md:144-150 SKILL.md:150-153 SKILL.md:153-155 SKILL.md:156 SKILL.md:158-161 SKILL.md:161-164 SKILL.md:164-170 SKILL.md:170-173 SKILL.md:173-175 SKILL.md:181-184

Versión de auditoría 3

Seguro

Jan 10, 2026, 10:50 AM

This is a documentation-only skill (SKILL.md) providing metadata and prompt templates for GitHub Copilot MCP server integration. No executable code, scripts, network calls, or filesystem access is present. Pure documentation skill with no security concerns.

1
Archivos escaneados
217
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Versión de auditoría 2

Seguro

Jan 10, 2026, 10:50 AM

This is a documentation-only skill (SKILL.md) providing metadata and prompt templates for GitHub Copilot MCP server integration. No executable code, scripts, network calls, or filesystem access is present. Pure documentation skill with no security concerns.

1
Archivos escaneados
217
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Versión de auditoría 1

Seguro

Jan 10, 2026, 10:50 AM

This is a documentation-only skill (SKILL.md) providing metadata and prompt templates for GitHub Copilot MCP server integration. No executable code, scripts, network calls, or filesystem access is present. Pure documentation skill with no security concerns.

1
Archivos escaneados
217
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
← Volver a la habilidad