Historial de auditorías - writing-skills

Versión de auditoría 5

Más reciente Riesgo bajo

Jan 17, 2026, 01:38 AM

Documentation skill for skill authoring methodology. Static analysis flagged 521 patterns in markdown files showing code examples (not executable) and documentation references. The only executable file (render-graphs.js) is a legitimate helper script for rendering Graphviz diagrams. No network access, no credential handling, no data exfiltration. All static findings are false positives from documentation examples.

8

Archivos escaneados

3,189

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run Graphviz dot command for diagram rendering. Purpose is legitimate (visualizing skill flowcharts), output is restricted to skill subdirectory.

Factores de riesgo

⚙️ Comandos externos (3)

SKILL.md:12 anthropic-best-practices.md:32-43 examples/CLAUDE_MD_TESTING.md:8-25

⚡ Contiene scripts (1)

render-graphs.js:1-169

📁 Acceso al sistema de archivos (2)

render-graphs.js:120 render-graphs.js:131-146

Versión de auditoría 4

Riesgo bajo

Jan 17, 2026, 01:38 AM

Documentation skill for skill authoring methodology. Static analysis flagged 521 patterns in markdown files showing code examples (not executable) and documentation references. The only executable file (render-graphs.js) is a legitimate helper script for rendering Graphviz diagrams. No network access, no credential handling, no data exfiltration. All static findings are false positives from documentation examples.

8

Archivos escaneados

3,189

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run Graphviz dot command for diagram rendering. Purpose is legitimate (visualizing skill flowcharts), output is restricted to skill subdirectory.

Factores de riesgo

⚙️ Comandos externos (3)

SKILL.md:12 anthropic-best-practices.md:32-43 examples/CLAUDE_MD_TESTING.md:8-25

⚡ Contiene scripts (1)

render-graphs.js:1-169

📁 Acceso al sistema de archivos (2)

render-graphs.js:120 render-graphs.js:131-146

Versión de auditoría 3

Riesgo bajo

Jan 7, 2026, 01:43 AM

Documentation-focused skill with one helper script that renders Graphviz diagrams to SVG. All capabilities align with stated purpose. No network access, no credential handling, no data exfiltration.

7

Archivos escaneados

2,738

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run 'dot -Tsvg' (graphviz renderer) and 'which dot' (command availability check). This is necessary for the documented purpose of rendering flowchart diagrams from skill documentation. The script only writes to a 'diagrams' subdirectory within the skill directory.

Factores de riesgo

⚡ Contiene scripts (1)

render-graphs.js:1-169

⚙️ Comandos externos (2)

render-graphs.js:72-76 render-graphs.js:112-118

📁 Acceso al sistema de archivos (3)

render-graphs.js:105-108 render-graphs.js:120 render-graphs.js:131-146

Versión de auditoría 2

Riesgo bajo

Jan 7, 2026, 01:43 AM

Documentation-focused skill with one helper script that renders Graphviz diagrams to SVG. All capabilities align with stated purpose. No network access, no credential handling, no data exfiltration.

7

Archivos escaneados

2,738

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run 'dot -Tsvg' (graphviz renderer) and 'which dot' (command availability check). This is necessary for the documented purpose of rendering flowchart diagrams from skill documentation. The script only writes to a 'diagrams' subdirectory within the skill directory.

Factores de riesgo

⚡ Contiene scripts (1)

render-graphs.js:1-169

⚙️ Comandos externos (2)

render-graphs.js:72-76 render-graphs.js:112-118

📁 Acceso al sistema de archivos (3)

render-graphs.js:105-108 render-graphs.js:120 render-graphs.js:131-146

Versión de auditoría 1

Riesgo bajo

Jan 7, 2026, 01:43 AM

Documentation-focused skill with one helper script that renders Graphviz diagrams to SVG. All capabilities align with stated purpose. No network access, no credential handling, no data exfiltration.

7

Archivos escaneados

2,738

Líneas analizadas

4

hallazgos

claude

Auditado por

Problemas de riesgo bajo (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run 'dot -Tsvg' (graphviz renderer) and 'which dot' (command availability check). This is necessary for the documented purpose of rendering flowchart diagrams from skill documentation. The script only writes to a 'diagrams' subdirectory within the skill directory.

Factores de riesgo

⚡ Contiene scripts (1)

render-graphs.js:1-169

⚙️ Comandos externos (2)

render-graphs.js:72-76 render-graphs.js:112-118

📁 Acceso al sistema de archivos (3)

render-graphs.js:105-108 render-graphs.js:120 render-graphs.js:131-146