Habilidades qwen-image-pro Historial de auditorías
📸

Historial de auditorías

qwen-image-pro - 2 auditorías

Versión de auditoría 2

Más reciente Seguro

Mar 6, 2026, 08:49 AM

All static findings are false positives. The skill uses the legitimate inference.sh CLI tool to access Alibaba Qwen-Image-2.0-Pro API for image generation. External command detections are documentation examples, network URLs are legitimate service endpoints, and cryptographic algorithm warnings are scanner misinterpretations. No actual security vulnerabilities present.

1
Archivos escaneados
206
Líneas analizadas
5
hallazgos
claude
Auditado por

Problemas de riesgo alto (1)

SKILL.md:3
Weak Cryptographic Algorithm Warning (False Positive)
Static scanner incorrectly flagged 'weak cryptographic algorithm' at multiple lines. Upon review, these are documentation content (parameter names like 'prompt_extend', URLs, and text descriptions). No cryptographic operations are performed.
Problemas de riesgo medio (1)
SKILL.md:15
External Command Examples (False Positive)
Static scanner flagged 40 locations of 'Ruby/shell backtick execution'. These are documentation examples showing how to use the infsh CLI tool (e.g., 'infsh login', 'infsh app run'). This is legitimate documentation, not actual code execution.
Problemas de riesgo bajo (1)
SKILL.md:9
Hardcoded URLs (False Positive)
Static scanner flagged 7 hardcoded URLs. These are legitimate links to inference.sh documentation and example URLs for the image generation service.

Factores de riesgo

⚙️ Comandos externos (1)
SKILL.md:15
🌐 Acceso a red (1)
SKILL.md:9

Versión de auditoría 1

Seguro

Mar 5, 2026, 08:56 AM

All 56 static findings are false positives. The skill file contains only markdown documentation with code examples showing how to use the inference.sh CLI. The detected patterns (shell commands, URLs) appear in fenced code blocks as legitimate documentation examples. No executable code, prompt injection attempts, or malicious intent detected. Safe to publish.

1
Archivos escaneados
206
Líneas analizadas
3
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
SKILL.md:17-21SKILL.md:35-39
Documentation Code Blocks Contain Shell Commands
The skill documentation contains shell command examples in fenced code blocks. These are markdown documentation examples showing users how to use the inference.sh CLI tool, not executable code. No security risk.

Factores de riesgo

⚙️ Comandos externos (9)
SKILL.md:15-21 SKILL.md:35-50 SKILL.md:54-62 SKILL.md:66-71 SKILL.md:75-84 SKILL.md:88-93 SKILL.md:145-152 SKILL.md:156-184 SKILL.md:188-197
🌐 Acceso a red (3)
SKILL.md:9-11 SKILL.md:79-80 SKILL.md:203-206
← Volver a Skill