Habilidades citation-management Historial de auditorías
📚

Historial de auditorías

citation-management - 4 auditorías

Versión de auditoría 4

Más reciente Riesgo bajo

Jan 17, 2026, 06:19 AM

Legitimate academic citation management tool. Static analysis produced 1131 false positives by misinterpreting markdown code blocks as shell commands, list comprehensions as obfuscation, and documentation as network reconnaissance. Actual Python scripts make authorized API calls to public academic databases (CrossRef, PubMed, arXiv) for metadata retrieval.

15
Archivos escaneados
8,548
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (3)
scripts/extract_metadata.py:108 scripts/search_pubmed.py:30 scripts/doi_to_bibtex.py:43
📁 Acceso al sistema de archivos (2)
scripts/extract_metadata.py:558 scripts/search_pubmed.py:389
🔑 Variables de entorno (2)
scripts/extract_metadata.py:32 scripts/search_pubmed.py:28-29

Versión de auditoría 3

Riesgo bajo

Jan 17, 2026, 06:19 AM

Legitimate academic citation management tool. Static analysis produced 1131 false positives by misinterpreting markdown code blocks as shell commands, list comprehensions as obfuscation, and documentation as network reconnaissance. Actual Python scripts make authorized API calls to public academic databases (CrossRef, PubMed, arXiv) for metadata retrieval.

15
Archivos escaneados
8,548
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (3)
scripts/extract_metadata.py:108 scripts/search_pubmed.py:30 scripts/doi_to_bibtex.py:43
📁 Acceso al sistema de archivos (2)
scripts/extract_metadata.py:558 scripts/search_pubmed.py:389
🔑 Variables de entorno (2)
scripts/extract_metadata.py:32 scripts/search_pubmed.py:28-29

Versión de auditoría 2

Riesgo bajo

Jan 12, 2026, 04:38 PM

Legitimate academic citation management tool. Static scanner produced 1124 false positives by misinterpreting markdown code blocks as Ruby backticks, BibTeX citation keys as cryptographic keys, and documentation URLs as network endpoints. Actual Python scripts make legitimate API calls to public academic databases (CrossRef, PubMed, arXiv) and use standard environment variable patterns for optional API credentials.

14
Archivos escaneados
8,213
Líneas analizadas
4
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (3)
scripts/search_pubmed.py:1-398 scripts/extract_metadata.py:1-50 scripts/format_bibtex.py:1-120
🌐 Acceso a red (2)
scripts/search_pubmed.py:69-83 scripts/extract_metadata.py:98-120
📁 Acceso al sistema de archivos (2)
scripts/format_bibtex.py:37-42 scripts/search_pubmed.py:389-391
🔑 Variables de entorno (1)
scripts/search_pubmed.py:28-29

Versión de auditoría 1

Riesgo bajo

Jan 4, 2026, 04:52 PM

The skill includes six Python scripts that access scholarly databases (CrossRef, PubMed, arXiv, Google Scholar) and read/write user-provided BibTeX files. All network calls target legitimate academic APIs documented in the code. The scripts' behavior matches the stated purpose of citation management. No obfuscation, hidden execution paths, or credential theft patterns were detected. Two minor concerns involve HTTP usage for arXiv API and optional proxy configuration for scholarly library rate limiting.

16
Archivos escaneados
8,534
Líneas analizadas
6
hallazgos
claude
Auditado por
Problemas de riesgo bajo (2)
scripts/extract_metadata.py:223-230
arXiv API uses plain HTTP
The arXiv API endpoint uses HTTP: `url = 'http://export.arxiv.org/api/query'`. An attacker with network access could observe or modify metadata responses. The queried data is public scholarly metadata with no sensitive user data.
scripts/search_google_scholar.py:38-43
Optional free proxy for scholarly
Google Scholar search can optionally route traffic through free proxies: `pg.FreeProxies()` and `scholarly.use_proxy(pg)`. Proxy operators could observe search queries. This is explicitly optional, disabled by default, and documented in the script.

Factores de riesgo

⚡ Contiene scripts (1)
scripts/doi_to_bibtex.py:1-10
🌐 Acceso a red (1)
scripts/extract_metadata.py:108-112
📁 Acceso al sistema de archivos (1)
scripts/format_bibtex.py:37-39
🔑 Variables de entorno (1)
scripts/search_pubmed.py:28-29
← Volver a Skill