スキル webapp-testing 監査履歴
🧪

監査履歴

webapp-testing - 4 監査

監査バージョン 4

最新 低リスク

Jan 16, 2026, 11:17 PM

Legitimate Playwright-based testing toolkit. All network connections are to localhost only. Filesystem writes target user-controlled directories (/tmp, /mnt/user-data/outputs). Subprocess usage in with_server.py is appropriate for local dev server management. Static findings are false positives triggered by documentation code examples, license text, and JSON field names.

7
スキャンされたファイル
844
解析された行数
4
検出結果
claude
監査者
低リスクの問題 (1)
scripts/with_server.py:68-74
Shell execution for local dev servers
with_server.py uses subprocess with shell=True to run user-provided server commands. This is necessary for the tool's purpose but allows arbitrary command execution. However, this is a local testing tool where the user provides their own commands.

リスク要因

⚡ スクリプトを含む (4)
scripts/with_server.py:1-106 examples/static_html_automation.py:1-33 examples/element_discovery.py:1-40 examples/console_logging.py:1-35
📁 ファイルシステムへのアクセス (2)
examples/static_html_automation.py:17 examples/console_logging.py:31-32
🌐 ネットワークアクセス (2)
scripts/with_server.py:23-32 examples/element_discovery.py:10

監査バージョン 3

低リスク

Jan 16, 2026, 11:17 PM

Legitimate Playwright-based testing toolkit. All network connections are to localhost only. Filesystem writes target user-controlled directories (/tmp, /mnt/user-data/outputs). Subprocess usage in with_server.py is appropriate for local dev server management. Static findings are false positives triggered by documentation code examples, license text, and JSON field names.

7
スキャンされたファイル
844
解析された行数
4
検出結果
claude
監査者
低リスクの問題 (1)
scripts/with_server.py:68-74
Shell execution for local dev servers
with_server.py uses subprocess with shell=True to run user-provided server commands. This is necessary for the tool's purpose but allows arbitrary command execution. However, this is a local testing tool where the user provides their own commands.

リスク要因

⚡ スクリプトを含む (4)
scripts/with_server.py:1-106 examples/static_html_automation.py:1-33 examples/element_discovery.py:1-40 examples/console_logging.py:1-35
📁 ファイルシステムへのアクセス (2)
examples/static_html_automation.py:17 examples/console_logging.py:31-32
🌐 ネットワークアクセス (2)
scripts/with_server.py:23-32 examples/element_discovery.py:10

監査バージョン 2

低リスク

Jan 6, 2026, 07:57 AM

Legitimate webapp testing toolkit using Playwright. Contains Python scripts that manage local dev servers and perform browser automation. Capabilities align with stated purpose. Risk factors are appropriate for a testing tool.

6
スキャンされたファイル
512
解析された行数
6
検出結果
claude
監査者
低リスクの問題 (2)
scripts/with_server.py:68-74
Shell execution in server management script
The with_server.py script uses subprocess.Popen with shell=True to execute user-provided server commands (lines 69-74). While this is necessary to support commands like 'cd backend && python server.py', it allows arbitrary shell command execution. An attacker who controls the command arguments could execute malicious commands. However, this is a local testing tool where the user provides their own commands.
examples/static_html_automation.py:17
Filesystem writes to user directories
Example scripts write screenshots and logs to /mnt/user-data/outputs and /tmp directories (static_html_automation.py:17, 29; element_discovery.py:37; console_logging.py:31). This is appropriate for a testing tool storing test artifacts.

リスク要因

⚡ スクリプトを含む (4)
scripts/with_server.py:1-106 examples/static_html_automation.py:1-33 examples/element_discovery.py:1-40 examples/console_logging.py:1-35
⚙️ 外部コマンド (2)
scripts/with_server.py:68-74 scripts/with_server.py:88
📁 ファイルシステムへのアクセス (4)
examples/static_html_automation.py:17 examples/static_html_automation.py:29 examples/element_discovery.py:37 examples/console_logging.py:31-32
🌐 ネットワークアクセス (3)
scripts/with_server.py:23-32 examples/static_html_automation.py:14 examples/element_discovery.py:10-11

監査バージョン 1

低リスク

Jan 6, 2026, 07:57 AM

Legitimate webapp testing toolkit using Playwright. Contains Python scripts that manage local dev servers and perform browser automation. Capabilities align with stated purpose. Risk factors are appropriate for a testing tool.

6
スキャンされたファイル
512
解析された行数
6
検出結果
claude
監査者
低リスクの問題 (2)
scripts/with_server.py:68-74
Shell execution in server management script
The with_server.py script uses subprocess.Popen with shell=True to execute user-provided server commands (lines 69-74). While this is necessary to support commands like 'cd backend && python server.py', it allows arbitrary shell command execution. An attacker who controls the command arguments could execute malicious commands. However, this is a local testing tool where the user provides their own commands.
examples/static_html_automation.py:17
Filesystem writes to user directories
Example scripts write screenshots and logs to /mnt/user-data/outputs and /tmp directories (static_html_automation.py:17, 29; element_discovery.py:37; console_logging.py:31). This is appropriate for a testing tool storing test artifacts.

リスク要因

⚡ スクリプトを含む (4)
scripts/with_server.py:1-106 examples/static_html_automation.py:1-33 examples/element_discovery.py:1-40 examples/console_logging.py:1-35
⚙️ 外部コマンド (2)
scripts/with_server.py:68-74 scripts/with_server.py:88
📁 ファイルシステムへのアクセス (4)
examples/static_html_automation.py:17 examples/static_html_automation.py:29 examples/element_discovery.py:37 examples/console_logging.py:31-32
🌐 ネットワークアクセス (3)
scripts/with_server.py:23-32 examples/static_html_automation.py:14 examples/element_discovery.py:10-11
← スキルに戻る