Audit history

context-resume - 6 audits

Audit version 6

Latest, Medium risk

Jun 28, 2026, 09:59 PM

The static Ruby shell execution detections are false positives caused by Markdown backticks and example text in SKILL.md. The weak cryptography detection at SKILL.md:3 is also a false positive with no cryptographic operation present. The skill still has medium filesystem risk because it instructs the assistant to read, update, and delete session files.

Files scanned: 1
Lines analyzed: 179
Findings: 5
Audited by: codex

Medium-risk issues (2)
Filesystem Modification And Deletion
The skill instructs the assistant to update session files after each task and delete a session file when all tasks are complete. This is intended behavior, but it can remove user data if the completion state is wrong.
Untrusted Session Content Can Influence Work
The skill loads and displays the full selected session, then uses that information to continue work. A malicious or stale session file could steer later actions if not treated as untrusted context.
Low-risk issues (2)
Static Shell Execution Findings Are False Positives
The reported Ruby shell backtick matches occur in Markdown inline code, code fences, example output, and command shortcut labels. No evidence found of executable Ruby code or shell command invocation.
Weak Cryptography Finding Is A False Positive
The high static finding points to the description line, which contains Chinese prose about restoring context. No evidence found of MD5, SHA1, DES, RC4, or any cryptographic operation.

Risk factors

Detected patterns

Deletes Session Files After Completion
Acts On File-Derived Context

Audit version 5

Safe

Jan 16, 2026, 08:29 PM

This skill contains only documentation (SKILL.md) describing a session resume workflow. No executable code exists. The static analyzer generated false positives by misidentifying plain text as cryptographic algorithms and markdown syntax as shell commands. All 30 findings are dismissed as false positives.

Files scanned: 2
Lines analyzed: 356
Findings: 1
Audited by: claude

No security issues found

Audit version 4

Safe

Jan 16, 2026, 08:29 PM

This skill contains only documentation (SKILL.md) describing a session resume workflow. No executable code exists. The static analyzer generated false positives by misidentifying plain text as cryptographic algorithms and markdown syntax as shell commands. All 30 findings are dismissed as false positives.

Files scanned: 2
Lines analyzed: 356
Findings: 1
Audited by: claude

No security issues found

Audit version 3

Safe

Jan 10, 2026, 12:12 PM

This is a documentation-only skill that provides instructions for resuming Claude Code sessions. No code execution, network calls, or file access capabilities were found. The skill only describes a workflow for managing session files in the docs/context-sessions/ directory.

Files scanned: 1
Lines analyzed: 179
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 12:12 PM

This is a documentation-only skill that provides instructions for resuming Claude Code sessions. No code execution, network calls, or file access capabilities were found. The skill only describes a workflow for managing session files in the docs/context-sessions/ directory.

Files scanned: 1
Lines analyzed: 179
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 12:12 PM

This is a documentation-only skill that provides instructions for resuming Claude Code sessions. No code execution, network calls, or file access capabilities were found. The skill only describes a workflow for managing session files in the docs/context-sessions/ directory.

Files scanned: 1
Lines analyzed: 179
Findings: 0
Audited by: claude

No security issues found