
Audit history

pitfalls-blockchain - 7 audits

Audit version 7

Latest, Low risk

Jun 28, 2026, 12:59 PM

Static analysis reported command execution, network, environment, wallet, weak crypto, and combined-risk patterns. Review found these are Markdown and TypeScript examples, not executable skill code, with no evidence of prompt injection or malicious intent. The only residual concerns are documentation examples that mention RPC endpoints and environment variables.

Files scanned: 1
Lines analyzed: 185
Findings: 7
Audited by: codex

Low-risk issues (5)
Static Command Execution Findings Are Markdown False Positives
The reported Ruby or shell backtick execution locations are fenced Markdown code blocks or a TypeScript template string. No executable skill script, shell command, or instruction to run commands is present.
Hardcoded RPC URLs Are Documentation Examples
The hardcoded URLs are example fallback RPC endpoints in a code sample. They do not transmit data by themselves, but users should replace placeholder keys with their own configured providers.
Environment Variable References Are Non-Secret RPC Configuration Examples
The environment variable references are example RPC URL configuration fields. No private key, wallet seed, environment file read, or outbound transmission of secret values is present.
Sensitive Wallet And Weak Crypto Findings Are Keyword False Positives
The blockchain domain text mentions chain configuration and execution reverts, which triggered sensitive and weak-crypto rules. No wallet private key, seed phrase, cryptographic implementation, or weak hash algorithm is shown.
Combined Critical Heuristic Not Confirmed
The critical combination of code execution, network, and credential access is not supported by the file contents. The apparent signals come from Markdown examples, placeholder RPC URLs, and non-secret RPC environment variables.

Risk factors

Network access (3)
Environment variables (2)

Audit version 6

Safe

Jan 21, 2026, 02:52 PM

Static scanner flagged 41 patterns but all are false positives. The skill is pure documentation with TypeScript code examples for blockchain best practices. Findings include misidentified markdown code blocks as shell execution, environment variable examples as credential access, and example RPC URLs as hardcoded endpoints. No executable code, no network calls, no credential exfiltration.

Files scanned: 2
Lines analyzed: 656
Findings: 3
Audited by: claude

No security issues found

Audit version 5

Medium risk

Jan 16, 2026, 06:11 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 361
Findings: 3
Audited by: claude

No security issues found

Detected patterns

Hardcoded URL
Environment variable object
Environment file access
Weak cryptographic algorithm
System reconnaissance
Ruby/shell backtick execution
Environment variable access (dot notation)
Cryptocurrency wallet
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 4

Medium risk

Jan 16, 2026, 06:11 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 361
Findings: 3
Audited by: claude

No security issues found

Detected patterns

Hardcoded URL
Environment variable object
Environment file access
Weak cryptographic algorithm
System reconnaissance
Ruby/shell backtick execution
Environment variable access (dot notation)
Cryptocurrency wallet
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 3

Safe

Jan 10, 2026, 11:18 AM

This is a pure prompt-based skill containing only documentation and code examples. No executable code, network calls, file system access, or environment variable reading. The process.env references in examples are documentation only.

Files scanned: 1
Lines analyzed: 185
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 11:18 AM

This is a pure prompt-based skill containing only documentation and code examples. No executable code, network calls, file system access, or environment variable reading. The process.env references in examples are documentation only.

Files scanned: 1
Lines analyzed: 185
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 11:18 AM

This is a pure prompt-based skill containing only documentation and code examples. No executable code, network calls, file system access, or environment variable reading. The process.env references in examples are documentation only.

Files scanned: 1
Lines analyzed: 185
Findings: 0
Audited by: claude

No security issues found