
Audit history

analysis-tshark - 6 audits

Audit version 6

Latest, High risk

Jun 28, 2026, 06:07 AM

Static findings are mostly documentation and template examples, but the core skill intentionally provides privileged packet capture, credential extraction, and TLS decryption workflows. No prompt injection or covert exfiltration was found, so this is not blocked as malicious. The dual-use credential and network interception capabilities make it unsuitable for publication without strong gating and authorization controls.

Files scanned: 5
Lines analyzed: 2,158
Findings: 13
Auditor: codex

High-risk issues (3)

Privileged Live Packet Capture
The skill instructs users to run TShark with sudo on live interfaces and to grant packet capture capabilities. This can intercept traffic outside an authorized scope and expose private communications.
Credential and Hash Extraction Workflows
The skill provides TShark filters for HTTP Basic Auth, FTP passwords, NTLM responses, Kerberos names, POP3 credentials, and IMAP login data. These are legitimate for forensics but can directly enable credential harvesting.
TLS Decryption Material Handling
The troubleshooting guidance uses SSL key log files and server private keys to decrypt TLS traffic. Misuse could expose protected communications from packet captures.
Medium-risk issues (3)
Sensitive File and Object Extraction
The skill shows how to export HTTP, SMB, DICOM, and email objects from packet captures and reconstruct files. This can recover sensitive documents or medical and email content from network traffic.
Automated Alert Pipeline Can Distribute Sensitive Traffic Data
The automation example pipes captured network fields into logs and email alerts. If copied without redaction, sensitive hostnames, IP addresses, or request metadata could be distributed broadly.
Pipe-to-Shell Installer in CI Template
The CI template installs tfsec by piping a remote script directly to bash. This is a risky supply-chain pattern if users copy the template into production workflows.
Low-risk issues (2)
Static Scanner Hits in Educational Templates
Several reported XSS, hardcoded secret, weak crypto, and command patterns appear in rule examples or documentation templates. They demonstrate vulnerable and fixed code rather than active skill behavior.
No Prompt Injection Evidence Found
A targeted review did not find override phrases or instructions telling the evaluator to skip security analysis. This lowers the likelihood of hidden marketplace manipulation.

Detected patterns

sudo TShark Capture Commands
Credential Extraction Filters
Remote Script Piped to Bash
TLS Key Material Configuration

Audit version 5

Safe

Jan 16, 2026, 03:09 PM

This is a documentation-only skill containing no executable code. All content describes legitimate defensive security operations using TShark (Wireshark CLI). The static analyzer flagged 298 findings, but all are FALSE POSITIVES because they are detecting example commands and security terminology in documentation, not actual executable code. The skill includes proper authorization warnings, legal compliance guidance, and defensive considerations for protecting networks against unauthorized packet capture.

Files scanned: 6
Lines analyzed: 2,372
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚙️ External commands (146)
🌐 Network access (38)
📁 File system access (2)
🔑 Environment variables (27)
⚡ Contains scripts (2)

Audit version 4

Safe

Jan 16, 2026, 03:09 PM

This is a documentation-only skill containing no executable code. All content describes legitimate defensive security operations using TShark (Wireshark CLI). The static analyzer flagged 298 findings, but all are FALSE POSITIVES because they are detecting example commands and security terminology in documentation, not actual executable code. The skill includes proper authorization warnings, legal compliance guidance, and defensive considerations for protecting networks against unauthorized packet capture.

Files scanned: 6
Lines analyzed: 2,372
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚙️ External commands (146)
🌐 Network access (38)
📁 File system access (2)
🔑 Environment variables (27)
⚡ Contains scripts (2)

Audit version 3

Safe

Jan 10, 2026, 10:14 AM

This is a prompt-only documentation skill containing no executable code. All content describes legitimate security operations using TShark (Wireshark CLI). The documentation includes proper authorization warnings and defensive considerations. No network calls, file system access, or code execution capabilities exist in this skill.

Files scanned: 5
Lines analyzed: 1,823
Findings: 0
Auditor: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:14 AM

This is a prompt-only documentation skill containing no executable code. All content describes legitimate security operations using TShark (Wireshark CLI). The documentation includes proper authorization warnings and defensive considerations. No network calls, file system access, or code execution capabilities exist in this skill.

Files scanned: 5
Lines analyzed: 1,823
Findings: 0
Auditor: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:14 AM

This is a prompt-only documentation skill containing no executable code. All content describes legitimate security operations using TShark (Wireshark CLI). The documentation includes proper authorization warnings and defensive considerations. No network calls, file system access, or code execution capabilities exist in this skill.

Files scanned: 5
Lines analyzed: 1,823
Findings: 0
Auditor: claude
No security issues found