Historial de auditorías - skill-installer

Versión de auditoría 6

Más reciente Riesgo bajo

Jan 21, 2026, 07:36 PM

This skill provides legitimate package management functionality for installing Codex skills from GitHub repositories. The static analyzer detected numerous false positives from JSON content. Network access and filesystem operations are appropriate for a skill installer. The skill references helper scripts that are not present in the directory, which may cause runtime errors but does not pose a security threat.

2

Archivos escaneados

607

Líneas analizadas

6

hallazgos

claude

Auditado por

Problemas de riesgo bajo (2)

SKILL.md:36-39

Missing Helper Scripts

The SKILL.md documentation references Python helper scripts in a scripts directory that are not present in the skill directory. This will cause runtime errors when the skill attempts to execute these scripts but does not pose a security threat.

SKILL.md:53

GitHub Token Environment Variable Access

The skill documentation mentions accessing GITHUB_TOKEN or GH_TOKEN environment variables for private repository authentication. This is legitimate functionality for accessing private GitHub repositories but users should be aware of credential usage.

Factores de riesgo

🌐 Acceso a red (5)

skill-report.json:6 SKILL.md:10 SKILL.md:39 SKILL.md:52 SKILL.md:55

⚙️ Comandos externos (16)

SKILL.md:36 SKILL.md:37 SKILL.md:38 SKILL.md:39 SKILL.md:46 SKILL.md:46 SKILL.md:47 SKILL.md:47 SKILL.md:48 SKILL.md:48 SKILL.md:48 SKILL.md:48 SKILL.md:52 SKILL.md:53 SKILL.md:53 SKILL.md:56

📁 Acceso al sistema de archivos (5)

SKILL.md:46 SKILL.md:10 SKILL.md:46 SKILL.md:52 SKILL.md:55

🔑 Variables de entorno (2)

SKILL.md:53 SKILL.md:53

Versión de auditoría 5

Riesgo medio

Jan 17, 2026, 02:38 AM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Archivos escaneados

233

Líneas analizadas

4

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (5)

skill-report.json:6 SKILL.md:10 SKILL.md:39 SKILL.md:52 SKILL.md:55

🔑 Variables de entorno (4)

skill-report.json:152 skill-report.json:152 SKILL.md:53 SKILL.md:53

⚙️ Comandos externos (16)

SKILL.md:36 SKILL.md:37 SKILL.md:38 SKILL.md:39 SKILL.md:46 SKILL.md:46 SKILL.md:47 SKILL.md:47 SKILL.md:48 SKILL.md:48 SKILL.md:48 SKILL.md:48 SKILL.md:52 SKILL.md:53 SKILL.md:53 SKILL.md:56

📁 Acceso al sistema de archivos (5)

SKILL.md:46 SKILL.md:10 SKILL.md:46 SKILL.md:52 SKILL.md:55

Patrones detectados

Hardcoded URLGit platform tokensC2 keywordsWeak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionHidden file in home directoryHidden file access[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Versión de auditoría 4

Riesgo medio

Jan 17, 2026, 02:38 AM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Archivos escaneados

233

Líneas analizadas

4

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (5)

skill-report.json:6 SKILL.md:10 SKILL.md:39 SKILL.md:52 SKILL.md:55

🔑 Variables de entorno (4)

skill-report.json:152 skill-report.json:152 SKILL.md:53 SKILL.md:53

⚙️ Comandos externos (16)

SKILL.md:36 SKILL.md:37 SKILL.md:38 SKILL.md:39 SKILL.md:46 SKILL.md:46 SKILL.md:47 SKILL.md:47 SKILL.md:48 SKILL.md:48 SKILL.md:48 SKILL.md:48 SKILL.md:52 SKILL.md:53 SKILL.md:53 SKILL.md:56

📁 Acceso al sistema de archivos (5)

SKILL.md:46 SKILL.md:10 SKILL.md:46 SKILL.md:52 SKILL.md:55

Patrones detectados

Hardcoded URLGit platform tokensC2 keywordsWeak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionHidden file in home directoryHidden file access[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Versión de auditoría 3

Seguro

Jan 7, 2026, 01:32 AM

Pure prompt-based skill containing only documentation and AI behavior instructions. No executable code, scripts, or network calls are included in this skill. The referenced helper scripts are external dependencies that Codex would execute, not part of this skill package.

1

Archivos escaneados

57

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 2

Seguro

Jan 7, 2026, 01:32 AM

Pure prompt-based skill containing only documentation and AI behavior instructions. No executable code, scripts, or network calls are included in this skill. The referenced helper scripts are external dependencies that Codex would execute, not part of this skill package.

1

Archivos escaneados

57

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 1

Seguro

Jan 7, 2026, 01:32 AM

Pure prompt-based skill containing only documentation and AI behavior instructions. No executable code, scripts, or network calls are included in this skill. The referenced helper scripts are external dependencies that Codex would execute, not part of this skill package.

1

Archivos escaneados

57

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad