📦
Historique des audits
better-auth-best-practices - 2 audits
Version de l’audit 2
Dernier SûrMar 19, 2026, 08:21 AM
This skill contains documentation-only content (SKILL.md) with no executable code. Static analyzer flagged 144 external command patterns and 7 network URLs, but all are false positives: command examples are CLI instructions for users to run manually, and URLs are documentation links. No security risks detected.
1
Fichiers analysés
175
Lignes analysées
2
résultats
claude
Audité par
Aucun problème de sécurité trouvé
Facteurs de risque
⚙️ Commandes externes
Aucun emplacement spécifique enregistré
🌐 Accès réseau
Aucun emplacement spécifique enregistré
Version de l’audit 1
SûrJan 23, 2026, 07:20 AM
All 149 static findings are FALSE POSITIVES. This is a documentation-only skill containing markdown reference material. The scanner misinterpreted inline code examples (CLI commands, config snippets) as executable code. No network calls, file system access, or credential handling exists in this skill. Safe for publication.
1
Fichiers analysés
166
Lignes analysées
3
résultats
claude
Audité par
Problèmes à risque moyen (3)
External Command Patterns in Documentation
Scanner detected backtick-wrapped code patterns (e.g., `openssl rand`, `npx @better-auth/cli migrate`) and flagged as shell execution. These are inline code examples in markdown documentation, not actual command execution.
Network URL Patterns in Documentation
Scanner detected hardcoded URLs (better-auth.com, GitHub, example.com) as external network calls. These are documentation links, not actual network requests.
Credential Access Patterns in Documentation
Scanner flagged references to authCookies, password.hash(), and similar terms as credential access. These are documentation mentions of authentication concepts.