監査履歴 - 1password-credential-lookup

監査バージョン 5

リスク要因

⚙️ 外部コマンド (1)

scripts/find_credential.py:30-31

📁 ファイルシステムへのアクセス (1)

scripts/find_credential.py:57-87

監査バージョン 4

低リスク

Jan 16, 2026, 09:02 PM

Legitimate credential lookup tool that uses 1Password CLI for secure retrieval. No network calls, no credential exfiltration. Subprocess calls to `op` CLI use hardcoded string arguments. Static findings are false positives triggered by expected credential access patterns.

3

スキャンされたファイル

507

解析された行数

3

検出結果

claude

監査者

低リスクの問題 (1)

scripts/find_credential.py:112-128

Credentials output via stdout

Script outputs credentials as JSON to stdout. This is the designed behavior for credential retrieval. Not a security flaw but expected functionality.

リスク要因

⚙️ 外部コマンド (1)

scripts/find_credential.py:30-31

📁 ファイルシステムへのアクセス (1)

scripts/find_credential.py:57-87

監査バージョン 3

低リスク

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2

スキャンされたファイル

252

解析された行数

4

検出結果

claude

監査者

低リスクの問題 (1)

scripts/find_credential.py:112-116 scripts/find_credential.py:128

Credentials output via stdout

The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

リスク要因

⚡ スクリプトを含む (1)

scripts/find_credential.py:1-146

⚙️ 外部コマンド (3)

scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81

📁 ファイルシステムへのアクセス (2)

scripts/find_credential.py:57-77 scripts/find_credential.py:80-87

監査バージョン 2

低リスク

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2

スキャンされたファイル

252

解析された行数

4

検出結果

claude

監査者

低リスクの問題 (1)

scripts/find_credential.py:112-116 scripts/find_credential.py:128

Credentials output via stdout

The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

リスク要因

⚡ スクリプトを含む (1)

scripts/find_credential.py:1-146

⚙️ 外部コマンド (3)

scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81

📁 ファイルシステムへのアクセス (2)

scripts/find_credential.py:57-77 scripts/find_credential.py:80-87

監査バージョン 1

低リスク

Jan 10, 2026, 12:14 PM

Legitimate credential lookup tool that uses 1Password CLI for secure credential retrieval. No network calls, no credential exfiltration, and behavior matches stated purpose.

2

スキャンされたファイル

252

解析された行数

4

検出結果

claude

監査者

低リスクの問題 (1)

scripts/find_credential.py:112-116 scripts/find_credential.py:128

Credentials output via stdout

The script outputs credentials (username/password) as JSON to stdout at lines 112-116 and 128. While this is the intended purpose for credential retrieval, credentials are exposed in process output which could be logged or captured. An attacker with access to the system could potentially read credentials from process listings or logs.

リスク要因

⚡ スクリプトを含む (1)

scripts/find_credential.py:1-146

⚙️ 外部コマンド (3)

scripts/find_credential.py:30-31 scripts/find_credential.py:58 scripts/find_credential.py:81

📁 ファイルシステムへのアクセス (2)

scripts/find_credential.py:57-77 scripts/find_credential.py:80-87