
Audit history

api-jwt-authenticator - 6 audits

Audit version 6

Latest: Low risk

Jun 28, 2026, 03:48 AM

Static analysis flagged Markdown backticks, JWT terminology, and HTTP authentication documentation as suspicious patterns. Review found no executable code, shell invocation, prompt injection, malware behavior, or data exfiltration in SKILL.md. The skill is a conceptual security guide and is safe to publish with low residual risk.

Files analyzed: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 3
Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False Positive: Markdown Formatting Flagged as Shell Execution
The flagged locations use Markdown inline code for an Authorization header and JWT claim names. They do not contain Ruby code, shell execution, command substitution, or user-controlled command construction.
The evidence is plain Markdown documentation. The surrounding text describes token format and claims, not executable Ruby or shell behavior.
Low
False Positive: Weak Cryptography Pattern Not Confirmed
The flagged lines do not specify a weak signing algorithm or unsafe cryptographic implementation. Line 7 is the skill description, and line 128 discusses testing error response formats.
No cryptographic algorithm is named at either location. The skill recommends validating JWT signatures and expiration but does not prescribe insecure crypto.
Low
False Positive: System Reconnaissance Pattern Not Confirmed
The flagged locations describe HTTP status handling, token structure, information disclosure avoidance, and authentication tests. They do not collect host data, enumerate files, or inspect the runtime environment.
The context is API authentication guidance. No commands, filesystem reads, environment probing, or network discovery instructions are present.
No security issues found
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 03:39 PM

This is a pure documentation skill providing conceptual guidance for implementing JWT authentication in FastAPI APIs. Contains no executable code, no network calls, no filesystem operations, and no external command execution. The static analysis findings are false positives triggered by security-related terminology in documentation (JWT, authorization, tokens, roles) and metadata fields. All 27 static findings are dismissed as keyword-pattern false positives.

Files analyzed: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 03:39 PM

This is a pure documentation skill providing conceptual guidance for implementing JWT authentication in FastAPI APIs. Contains no executable code, no network calls, no filesystem operations, and no external command execution. The static analysis findings are false positives triggered by security-related terminology in documentation (JWT, authorization, tokens, roles) and metadata fields. All 27 static findings are dismissed as keyword-pattern false positives.

Files analyzed: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files analyzed: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files analyzed: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files analyzed: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude