Skill fastapi-app audit history

Audit history

fastapi-app - 6 audits

Audit version 6

Latest: Low risk

Jan 21, 2026, 04:50 PM

All static findings are false positives. The skill provides legitimate FastAPI development guidance. Pattern detections (C2 keywords, weak crypto, command execution) are misidentifications of standard code examples and documentation URLs in the SKILL.md file.

Files scanned: 2
Lines analyzed: 1,766
Findings: 3
Auditor: claude
Low-risk issues (1)
Documentation references detected as patterns
Static scanner flagged documentation URLs (fastapi.tiangolo.com, docs.pydantic.dev) as network targets. These are legitimate documentation references in the SKILL.md References section.

Risk factors

📁 Filesystem access (1)
⚡ Contains scripts (1)

Audit version 5

Medium risk

Jan 16, 2026, 05:55 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 879
Findings: 4
Auditor: claude
No security issues found

Detected patterns

Ruby/shell backtick execution
Hardcoded URL
Hidden file access
Python getenv function
getenv function call
Generic API/secret keys
C2 keywords
Weak cryptographic algorithm
Hardcoded IP address
Database connection strings
Environment file access
System reconnaissance
Network reconnaissance
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 4

Medium risk

Jan 16, 2026, 05:55 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 879
Findings: 4
Auditor: claude
No security issues found

Detected patterns

Ruby/shell backtick execution
Hardcoded URL
Hidden file access
Python getenv function
getenv function call
Generic API/secret keys
C2 keywords
Weak cryptographic algorithm
Hardcoded IP address
Database connection strings
Environment file access
System reconnaissance
Network reconnaissance
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 3

Low risk

Jan 10, 2026, 11:07 AM

This is a documentation/prompt skill containing code examples for legitimate FastAPI backend development. The skill provides guidance on app setup, routing, database connections, and authentication patterns. No executable code or direct system access. Minor security concern identified with default JWT secret fallback.

Files scanned: 1
Lines analyzed: 671
Findings: 2
Auditor: claude
Low-risk issues (1)
Default JWT secret fallback
The auth dependency example provides a default secret key if JWT_SECRET_KEY is not set: `SECRET_KEY = os.getenv("JWT_SECRET_KEY", "your-secret-key")`. While this is a common pattern in examples, it creates a weak default that developers might overlook. Attackers could exploit this if developers deploy without setting a proper secret. The code correctly recommends environment variable configuration elsewhere (lines 623-645).

Risk factors

Audit version 2

Low risk

Jan 10, 2026, 11:07 AM

This is a documentation/prompt skill containing code examples for legitimate FastAPI backend development. The skill provides guidance on app setup, routing, database connections, and authentication patterns. No executable code or direct system access. Minor security concern identified with default JWT secret fallback.

Files scanned: 1
Lines analyzed: 671
Findings: 2
Auditor: claude
Low-risk issues (1)
Default JWT secret fallback
The auth dependency example provides a default secret key if JWT_SECRET_KEY is not set: `SECRET_KEY = os.getenv("JWT_SECRET_KEY", "your-secret-key")`. While this is a common pattern in examples, it creates a weak default that developers might overlook. Attackers could exploit this if developers deploy without setting a proper secret. The code correctly recommends environment variable configuration elsewhere (lines 623-645).

Risk factors

Audit version 1

Low risk

Jan 10, 2026, 11:07 AM

This is a documentation/prompt skill containing code examples for legitimate FastAPI backend development. The skill provides guidance on app setup, routing, database connections, and authentication patterns. No executable code or direct system access. Minor security concern identified with default JWT secret fallback.

Files scanned: 1
Lines analyzed: 671
Findings: 2
Auditor: claude
Low-risk issues (1)
Default JWT secret fallback
The auth dependency example provides a default secret key if JWT_SECRET_KEY is not set: `SECRET_KEY = os.getenv("JWT_SECRET_KEY", "your-secret-key")`. While this is a common pattern in examples, it creates a weak default that developers might overlook. Attackers could exploit this if developers deploy without setting a proper secret. The code correctly recommends environment variable configuration elsewhere (lines 623-645).

Risk factors