
Audit history

error-memory - 6 audits

Audit version 6

Latest: Low risk

Jun 28, 2026, 04:41 AM

The external command, weak cryptography, and reconnaissance findings are false positives from Markdown content in SKILL.md. The skill does instruct the assistant to append or create a local .claude/errors.md file, so it has low filesystem persistence risk.

Files analyzed: 1
Lines analyzed: 60
Review items: 4
False positives ignored: 0

Confirmed security concerns (1)

Low
Static Blocker Findings Are False Positives
The weak cryptography finding at line 3 and reconnaissance finding at line 11 do not match the file content. Line 3 starts the YAML description, and line 11 says to document errors.
The referenced lines contain no cryptographic algorithm and no system reconnaissance command. The evidence supports dismissing both static blocker findings.
Capability review items (2)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Low
Local Error Log Persistence
The skill instructs the assistant to append to .claude/errors.md and create that file if missing. This is expected behavior, but it can persist project mistakes or user corrections in the workspace.
The file write behavior is explicitly documented in the process steps. No network transfer, secret harvesting, or hidden execution behavior is present.
Low
Static External Command Findings Are False Positives
The reported backtick locations are Markdown inline code labels and fenced example content. They do not execute Ruby, shell, or any external command.
The lines are plain Markdown in SKILL.md, including type labels and template examples. I found no executable script or command invocation.

Risk factors

📁 Filesystem access (2)
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 03:03 PM

This is a pure prompt-based skill containing only markdown documentation. No executable code, scripts, network calls, filesystem access, or external command execution exists. The 21 static findings are false positives caused by the analyzer misinterpreting markdown syntax (backticks for inline code, table syntax, YAML frontmatter) as code patterns. All 'weak cryptographic algorithm', 'external_commands', 'network', and 'system reconnaissance' detections are benign documentation text.

Files analyzed: 2
Lines analyzed: 238
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 03:03 PM

This is a pure prompt-based skill containing only markdown documentation. No executable code, scripts, network calls, filesystem access, or external command execution exists. The 21 static findings are false positives caused by the analyzer misinterpreting markdown syntax (backticks for inline code, table syntax, YAML frontmatter) as code patterns. All 'weak cryptographic algorithm', 'external_commands', 'network', and 'system reconnaissance' detections are benign documentation text.

Files analyzed: 2
Lines analyzed: 238
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:53 AM

This is a pure prompt-based skill containing only markdown documentation with behavioral guidelines. No executable code, scripts, network calls, filesystem access, environment variable access, or external command execution. The skill consists solely of instructions for error documentation.

Files analyzed: 1
Lines analyzed: 60
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:53 AM

This is a pure prompt-based skill containing only markdown documentation with behavioral guidelines. No executable code, scripts, network calls, filesystem access, environment variable access, or external command execution. The skill consists solely of instructions for error documentation.

Files analyzed: 1
Lines analyzed: 60
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:53 AM

This is a pure prompt-based skill containing only markdown documentation with behavioral guidelines. No executable code, scripts, network calls, filesystem access, environment variable access, or external command execution. The skill consists solely of instructions for error documentation.

Files analyzed: 1
Lines analyzed: 60
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude