Audit history
container-grype - 6 audits
Audit version 6
Latest: Medium risk, Jun 28, 2026, 06:18 AM
Static analysis found many command, network, filesystem, environment, and script patterns, but most are documentation examples for legitimate vulnerability scanning workflows. The confirmed risks are operational: some CI templates install tools with curl piped to a shell and one Jenkins example mounts the Docker socket, so publication is acceptable only with clear warnings and review guidance.
Confirmed security concerns (1)
Capability review items (3)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Risk factors
⚙️ External commands (4)
🌐 Network access (4)
📁 Filesystem access (3)
🔑 Environment variables (3)
⚡ Contains scripts (1)
Detected patterns
Audit version 5
Safe, Jan 16, 2026, 03:18 PM
Documentation-only skill containing markdown files and YAML configuration templates for the open-source Grype vulnerability scanner. All 332 static findings are false positives - the scanner flagged shell command examples (177), URL references (45), and environment variable patterns (27) in documentation as security issues. No executable code exists. This skill provides documentation and workflows for container vulnerability scanning but performs no actual scanning, network access, or file system operations beyond reading its own documentation files.
Risk factors
⚙️ External commands (5)
🌐 Network access (4)
🔑 Environment variables (3)
📁 Filesystem access (1)
Audit version 4
Safe, Jan 16, 2026, 03:18 PM
Documentation-only skill containing markdown files and YAML configuration templates for the open-source Grype vulnerability scanner. All 332 static findings are false positives - the scanner flagged shell command examples (177), URL references (45), and environment variable patterns (27) in documentation as security issues. No executable code exists. This skill provides documentation and workflows for container vulnerability scanning but performs no actual scanning, network access, or file system operations beyond reading its own documentation files.
Risk factors
⚙️ External commands (5)
🌐 Network access (4)
🔑 Environment variables (3)
📁 Filesystem access (1)
Audit version 3
Safe, Jan 10, 2026, 10:19 AM
Documentation-only skill with no executable code. Contains only markdown documentation and YAML configuration templates for the open-source Grype vulnerability scanner. No scripts, network calls, or file system access beyond its own documentation files.
Audit version 2
Safe, Jan 10, 2026, 10:19 AM
Documentation-only skill with no executable code. Contains only markdown documentation and YAML configuration templates for the open-source Grype vulnerability scanner. No scripts, network calls, or file system access beyond its own documentation files.
Audit version 1
Safe, Jan 10, 2026, 10:19 AM
Documentation-only skill with no executable code. Contains only markdown documentation and YAML configuration templates for the open-source Grype vulnerability scanner. No scripts, network calls, or file system access beyond its own documentation files.