スキル iac-checkov 監査履歴
📦

監査履歴

iac-checkov - 6 監査

監査バージョン 6

最新 中リスク

Jun 28, 2026, 05:37 AM

Static analysis flagged many command, network, secret, and blocker keywords, but review found they are primarily Checkov usage examples, CI templates, and security policy terminology. No prompt injection attempt or malicious exfiltration intent was found. The skill still carries medium operational risk because it instructs users to run external scanners, read IaC files and reports, optionally download external modules, and use cloud security integrations.

9
スキャンされたファイル
2,451
解析された行数
9
検出結果
codex
監査者
中リスクの問題 (3)
SKILL.md:39-61assets/github_actions.yml:146-157assets/gitlab_ci.yml:132-156
External Scanner Commands Are Central to Skill Operation
The skill instructs users and CI systems to install and run Checkov, parse scan output with shell tools, and generate reports. This is legitimate for an IaC security skill, but it can execute local tools over large workspace paths and should be run only in trusted project contexts.
assets/checkov_config.yaml:46-75SKILL.md:652-657assets/pre_commit_config.yaml:7-10
Optional Network Access and Cloud Integration
Examples enable downloading external Terraform modules and show optional Prisma Cloud or Bridgecrew integration through an API key variable. These patterns are legitimate, but they can contact third-party services and may expose metadata if configured carelessly.
SKILL.md:455-463SKILL.md:221-227assets/github_actions.yml:175-176
IaC and Secret Scan Outputs May Contain Sensitive Context
The skill encourages secrets scanning and report generation over infrastructure files. Scan inputs and generated JSON or SARIF reports can contain resource names, paths, misconfiguration details, and sometimes secret-like values.
低リスクの問題 (2)
references/compliance_mapping.md:1-14references/custom_policies.md:247-260SKILL.md:396-403
Static Blocker Keywords Are Contextual False Positives
Several static hits for weak cryptography, command-and-control terminology, and Windows SAM are references to compliance controls, Checkov categories, or AWS SAM templates. They do not instruct the model to perform offensive activity.
references/suppression_guide.md:19-31references/suppression_guide.md:216-226references/suppression_guide.md:233-240
Suppression Examples Require Governance
The suppression guide includes examples that bypass specific Checkov checks for legacy or public resources. The guide also asks for justifications, but users could copy suppressions without approval.

リスク要因

⚙️ 外部コマンド (5)
SKILL.md:39-61 SKILL.md:221-233 assets/github_actions.yml:146-157 assets/gitlab_ci.yml:132-156 references/compliance_mapping.md:176-214
🌐 ネットワークアクセス (5)
SKILL.md:19-21 SKILL.md:652-657 assets/checkov_config.yaml:46-75 assets/pre_commit_config.yaml:7-10 assets/pre_commit_config.yaml:75-87
📁 ファイルシステムへのアクセス (4)
assets/checkov_config.yaml:21-29 assets/github_actions.yml:175-176 SKILL.md:115-117 SKILL.md:621-625
🔑 環境変数 (2)
assets/checkov_config.yaml:73-75 SKILL.md:652-657

検出されたパターン

Shell and CI Command Execution ExamplesNetwork-Enabled Dependency and Module Retrieval

監査バージョン 5

安全

Jan 16, 2026, 03:42 PM

Documentation-only skill with no executable code. Contains YAML configuration templates and markdown guides for Checkov, an open-source IaC security scanner. All 300 static findings are false positives caused by scanner misinterpreting documentation text (check IDs, URLs, security examples) as malicious patterns.

10
スキャンされたファイル
2,694
解析された行数
4
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

リスク要因

🌐 ネットワークアクセス (37)
assets/checkov_config.yaml:75 assets/pre_commit_config.yaml:9 assets/pre_commit_config.yaml:30 assets/pre_commit_config.yaml:50 assets/pre_commit_config.yaml:63 assets/pre_commit_config.yaml:76 assets/pre_commit_config.yaml:87 references/compliance_mapping.md:232 references/compliance_mapping.md:233 references/compliance_mapping.md:234 references/compliance_mapping.md:235 references/compliance_mapping.md:236 references/compliance_mapping.md:237 references/compliance_mapping.md:14 references/custom_policies.md:210 references/custom_policies.md:287 references/custom_policies.md:458 references/custom_policies.md:459 references/custom_policies.md:460 references/suppression_guide.md:430 references/suppression_guide.md:431 references/suppression_guide.md:29 references/suppression_guide.md:188 references/suppression_guide.md:198 references/suppression_guide.md:340 SKILL.md:19 SKILL.md:20 SKILL.md:21 SKILL.md:285 SKILL.md:666 SKILL.md:667 SKILL.md:668 SKILL.md:669 SKILL.md:670 SKILL.md:671 SKILL.md:366 SKILL.md:611
📁 ファイルシステムへのアクセス (3)
assets/checkov_config.yaml:27 assets/github_actions.yml:176 assets/github_actions.yml:176
🔑 環境変数 (1)
assets/checkov_config.yaml:74
⚙️ 外部コマンド (184)
assets/github_actions.yml:183-192 assets/github_actions.yml:156 assets/github_actions.yml:157 assets/gitlab_ci.yml:111 assets/gitlab_ci.yml:142 assets/gitlab_ci.yml:143 assets/gitlab_ci.yml:187 references/compliance_mapping.md:176-185 references/compliance_mapping.md:185-189 references/compliance_mapping.md:189-197 references/compliance_mapping.md:197-201 references/compliance_mapping.md:201-205 references/compliance_mapping.md:205-209 references/compliance_mapping.md:209-215 references/custom_policies.md:16-48 references/custom_policies.md:48-52 references/custom_policies.md:52-91 references/custom_policies.md:91-95 references/custom_policies.md:95-122 references/custom_policies.md:122-128 references/custom_policies.md:128-142 references/custom_policies.md:142-146 references/custom_policies.md:146-170 references/custom_policies.md:170-174 references/custom_policies.md:174-192 references/custom_policies.md:192-198 references/custom_policies.md:198-243 references/custom_policies.md:243-247 references/custom_policies.md:247-261 references/custom_policies.md:261-267 references/custom_policies.md:267-278 references/custom_policies.md:278-282 references/custom_policies.md:282-291 references/custom_policies.md:291-297 references/custom_policies.md:297-336 references/custom_policies.md:336-340 references/custom_policies.md:340-350 references/custom_policies.md:350-356 references/custom_policies.md:356-375 references/custom_policies.md:375-379 references/custom_policies.md:379-396 references/custom_policies.md:396-400 references/custom_policies.md:400-419 references/custom_policies.md:419-423 references/custom_policies.md:423-425 references/custom_policies.md:425-435 references/custom_policies.md:435-444 references/custom_policies.md:444-448 references/custom_policies.md:448-454 references/suppression_guide.md:11-32 references/suppression_guide.md:32-36 references/suppression_guide.md:36-50 references/suppression_guide.md:50-54 references/suppression_guide.md:54-67 references/suppression_guide.md:67-73 references/suppression_guide.md:73-94 references/suppression_guide.md:94-98 references/suppression_guide.md:98-107 references/suppression_guide.md:107-113 references/suppression_guide.md:113-140 references/suppression_guide.md:140-144 references/suppression_guide.md:144-160 references/suppression_guide.md:160-166 references/suppression_guide.md:166-179 references/suppression_guide.md:179-183 references/suppression_guide.md:183-201 references/suppression_guide.md:201-205 references/suppression_guide.md:205-214 references/suppression_guide.md:214-218 references/suppression_guide.md:218-227 references/suppression_guide.md:227-235 references/suppression_guide.md:235-244 references/suppression_guide.md:244-248 references/suppression_guide.md:248-262 references/suppression_guide.md:262-266 references/suppression_guide.md:266-281 references/suppression_guide.md:281-285 references/suppression_guide.md:285-296 references/suppression_guide.md:296-302 references/suppression_guide.md:302-306 references/suppression_guide.md:306-310 references/suppression_guide.md:310-316 references/suppression_guide.md:316-320 references/suppression_guide.md:320-329 references/suppression_guide.md:329-333 references/suppression_guide.md:333-343 references/suppression_guide.md:343-349 references/suppression_guide.md:349-358 references/suppression_guide.md:358-362 references/suppression_guide.md:362-418 references/suppression_guide.md:133 references/suppression_guide.md:113-140 SKILL.md:39-48 SKILL.md:48-52 SKILL.md:52-61 SKILL.md:61-65 SKILL.md:65-71 SKILL.md:71-75 SKILL.md:75-78 SKILL.md:78-86 SKILL.md:86-93 SKILL.md:93-105 SKILL.md:105-117 SKILL.md:117-131 SKILL.md:131-144 SKILL.md:144-156 SKILL.md:156-163 SKILL.md:163-165 SKILL.md:165-178 SKILL.md:178-180 SKILL.md:180-186 SKILL.md:186-207 SKILL.md:207-211 SKILL.md:211-213 SKILL.md:213-215 SKILL.md:215-221 SKILL.md:221-234 SKILL.md:234-243 SKILL.md:243-251 SKILL.md:251-276 SKILL.md:276-282 SKILL.md:282-291 SKILL.md:291-295 SKILL.md:295-298 SKILL.md:298-302 SKILL.md:302-316 SKILL.md:316-320 SKILL.md:320-342 SKILL.md:342-344 SKILL.md:344-352 SKILL.md:352-361 SKILL.md:361-374 SKILL.md:374-383 SKILL.md:383-398 SKILL.md:398-404 SKILL.md:404-410 SKILL.md:410-419 SKILL.md:419-427 SKILL.md:427-432 SKILL.md:432-438 SKILL.md:438-443 SKILL.md:443-454 SKILL.md:454-464 SKILL.md:464-469 SKILL.md:469-479 SKILL.md:479-481 SKILL.md:481-482 SKILL.md:482-483 SKILL.md:483-484 SKILL.md:484-485 SKILL.md:485-486 SKILL.md:486-488 SKILL.md:488-490 SKILL.md:490-491 SKILL.md:491-492 SKILL.md:492-493 SKILL.md:493-494 SKILL.md:494-495 SKILL.md:495-497 SKILL.md:497-499 SKILL.md:499-500 SKILL.md:500-501 SKILL.md:501-502 SKILL.md:502-503 SKILL.md:503-504 SKILL.md:504-505 SKILL.md:505-513 SKILL.md:513-525 SKILL.md:525-531 SKILL.md:531-538 SKILL.md:538-544 SKILL.md:544-554 SKILL.md:554-560 SKILL.md:560-572 SKILL.md:572-591 SKILL.md:591-597 SKILL.md:597-603 SKILL.md:603-614 SKILL.md:614-620 SKILL.md:620-629 SKILL.md:629-635 SKILL.md:635-646 SKILL.md:646-652 SKILL.md:652-662

監査バージョン 4

安全

Jan 16, 2026, 03:42 PM

Documentation-only skill with no executable code. Contains YAML configuration templates and markdown guides for Checkov, an open-source IaC security scanner. All 300 static findings are false positives caused by scanner misinterpreting documentation text (check IDs, URLs, security examples) as malicious patterns.

10
スキャンされたファイル
2,694
解析された行数
4
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

リスク要因

🌐 ネットワークアクセス (37)
assets/checkov_config.yaml:75 assets/pre_commit_config.yaml:9 assets/pre_commit_config.yaml:30 assets/pre_commit_config.yaml:50 assets/pre_commit_config.yaml:63 assets/pre_commit_config.yaml:76 assets/pre_commit_config.yaml:87 references/compliance_mapping.md:232 references/compliance_mapping.md:233 references/compliance_mapping.md:234 references/compliance_mapping.md:235 references/compliance_mapping.md:236 references/compliance_mapping.md:237 references/compliance_mapping.md:14 references/custom_policies.md:210 references/custom_policies.md:287 references/custom_policies.md:458 references/custom_policies.md:459 references/custom_policies.md:460 references/suppression_guide.md:430 references/suppression_guide.md:431 references/suppression_guide.md:29 references/suppression_guide.md:188 references/suppression_guide.md:198 references/suppression_guide.md:340 SKILL.md:19 SKILL.md:20 SKILL.md:21 SKILL.md:285 SKILL.md:666 SKILL.md:667 SKILL.md:668 SKILL.md:669 SKILL.md:670 SKILL.md:671 SKILL.md:366 SKILL.md:611
📁 ファイルシステムへのアクセス (3)
assets/checkov_config.yaml:27 assets/github_actions.yml:176 assets/github_actions.yml:176
🔑 環境変数 (1)
assets/checkov_config.yaml:74
⚙️ 外部コマンド (184)
assets/github_actions.yml:183-192 assets/github_actions.yml:156 assets/github_actions.yml:157 assets/gitlab_ci.yml:111 assets/gitlab_ci.yml:142 assets/gitlab_ci.yml:143 assets/gitlab_ci.yml:187 references/compliance_mapping.md:176-185 references/compliance_mapping.md:185-189 references/compliance_mapping.md:189-197 references/compliance_mapping.md:197-201 references/compliance_mapping.md:201-205 references/compliance_mapping.md:205-209 references/compliance_mapping.md:209-215 references/custom_policies.md:16-48 references/custom_policies.md:48-52 references/custom_policies.md:52-91 references/custom_policies.md:91-95 references/custom_policies.md:95-122 references/custom_policies.md:122-128 references/custom_policies.md:128-142 references/custom_policies.md:142-146 references/custom_policies.md:146-170 references/custom_policies.md:170-174 references/custom_policies.md:174-192 references/custom_policies.md:192-198 references/custom_policies.md:198-243 references/custom_policies.md:243-247 references/custom_policies.md:247-261 references/custom_policies.md:261-267 references/custom_policies.md:267-278 references/custom_policies.md:278-282 references/custom_policies.md:282-291 references/custom_policies.md:291-297 references/custom_policies.md:297-336 references/custom_policies.md:336-340 references/custom_policies.md:340-350 references/custom_policies.md:350-356 references/custom_policies.md:356-375 references/custom_policies.md:375-379 references/custom_policies.md:379-396 references/custom_policies.md:396-400 references/custom_policies.md:400-419 references/custom_policies.md:419-423 references/custom_policies.md:423-425 references/custom_policies.md:425-435 references/custom_policies.md:435-444 references/custom_policies.md:444-448 references/custom_policies.md:448-454 references/suppression_guide.md:11-32 references/suppression_guide.md:32-36 references/suppression_guide.md:36-50 references/suppression_guide.md:50-54 references/suppression_guide.md:54-67 references/suppression_guide.md:67-73 references/suppression_guide.md:73-94 references/suppression_guide.md:94-98 references/suppression_guide.md:98-107 references/suppression_guide.md:107-113 references/suppression_guide.md:113-140 references/suppression_guide.md:140-144 references/suppression_guide.md:144-160 references/suppression_guide.md:160-166 references/suppression_guide.md:166-179 references/suppression_guide.md:179-183 references/suppression_guide.md:183-201 references/suppression_guide.md:201-205 references/suppression_guide.md:205-214 references/suppression_guide.md:214-218 references/suppression_guide.md:218-227 references/suppression_guide.md:227-235 references/suppression_guide.md:235-244 references/suppression_guide.md:244-248 references/suppression_guide.md:248-262 references/suppression_guide.md:262-266 references/suppression_guide.md:266-281 references/suppression_guide.md:281-285 references/suppression_guide.md:285-296 references/suppression_guide.md:296-302 references/suppression_guide.md:302-306 references/suppression_guide.md:306-310 references/suppression_guide.md:310-316 references/suppression_guide.md:316-320 references/suppression_guide.md:320-329 references/suppression_guide.md:329-333 references/suppression_guide.md:333-343 references/suppression_guide.md:343-349 references/suppression_guide.md:349-358 references/suppression_guide.md:358-362 references/suppression_guide.md:362-418 references/suppression_guide.md:133 references/suppression_guide.md:113-140 SKILL.md:39-48 SKILL.md:48-52 SKILL.md:52-61 SKILL.md:61-65 SKILL.md:65-71 SKILL.md:71-75 SKILL.md:75-78 SKILL.md:78-86 SKILL.md:86-93 SKILL.md:93-105 SKILL.md:105-117 SKILL.md:117-131 SKILL.md:131-144 SKILL.md:144-156 SKILL.md:156-163 SKILL.md:163-165 SKILL.md:165-178 SKILL.md:178-180 SKILL.md:180-186 SKILL.md:186-207 SKILL.md:207-211 SKILL.md:211-213 SKILL.md:213-215 SKILL.md:215-221 SKILL.md:221-234 SKILL.md:234-243 SKILL.md:243-251 SKILL.md:251-276 SKILL.md:276-282 SKILL.md:282-291 SKILL.md:291-295 SKILL.md:295-298 SKILL.md:298-302 SKILL.md:302-316 SKILL.md:316-320 SKILL.md:320-342 SKILL.md:342-344 SKILL.md:344-352 SKILL.md:352-361 SKILL.md:361-374 SKILL.md:374-383 SKILL.md:383-398 SKILL.md:398-404 SKILL.md:404-410 SKILL.md:410-419 SKILL.md:419-427 SKILL.md:427-432 SKILL.md:432-438 SKILL.md:438-443 SKILL.md:443-454 SKILL.md:454-464 SKILL.md:464-469 SKILL.md:469-479 SKILL.md:479-481 SKILL.md:481-482 SKILL.md:482-483 SKILL.md:483-484 SKILL.md:484-485 SKILL.md:485-486 SKILL.md:486-488 SKILL.md:488-490 SKILL.md:490-491 SKILL.md:491-492 SKILL.md:492-493 SKILL.md:493-494 SKILL.md:494-495 SKILL.md:495-497 SKILL.md:497-499 SKILL.md:499-500 SKILL.md:500-501 SKILL.md:501-502 SKILL.md:502-503 SKILL.md:503-504 SKILL.md:504-505 SKILL.md:505-513 SKILL.md:513-525 SKILL.md:525-531 SKILL.md:531-538 SKILL.md:538-544 SKILL.md:544-554 SKILL.md:554-560 SKILL.md:560-572 SKILL.md:572-591 SKILL.md:591-597 SKILL.md:597-603 SKILL.md:603-614 SKILL.md:614-620 SKILL.md:620-629 SKILL.md:629-635 SKILL.md:635-646 SKILL.md:646-652 SKILL.md:652-662

監査バージョン 3

安全

Jan 10, 2026, 10:35 AM

Pure documentation skill with no executable code. Provides configuration templates and CI/CD workflows for Checkov, an open-source IaC security scanner. No scripts, network calls, or filesystem access beyond configuration files.

9
スキャンされたファイル
1,500
解析された行数
0
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

監査バージョン 2

安全

Jan 10, 2026, 10:35 AM

Pure documentation skill with no executable code. Provides configuration templates and CI/CD workflows for Checkov, an open-source IaC security scanner. No scripts, network calls, or filesystem access beyond configuration files.

9
スキャンされたファイル
1,500
解析された行数
0
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

監査バージョン 1

安全

Jan 10, 2026, 10:35 AM

Pure documentation skill with no executable code. Provides configuration templates and CI/CD workflows for Checkov, an open-source IaC security scanner. No scripts, network calls, or filesystem access beyond configuration files.

9
スキャンされたファイル
1,500
解析された行数
0
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした
← スキルに戻る