🖼️

監査履歴

qwen-image - 2 監査

監査バージョン 2

高リスクの問題 (4)

False Positive: External Commands in Documentation

Static scanner detected 'Ruby/shell backtick execution' patterns at 39 locations. These are bash command examples in markdown code blocks (e.g., 'infsh login', 'infsh app run...'), not actual code execution. The skill uses the infsh CLI tool which is installed separately.

SKILL.md:9 SKILL.md:11 SKILL.md:83-85 SKILL.md:181-183

False Positive: Hardcoded URLs in Documentation

Static scanner detected 'Hardcoded URL' patterns at 8 locations. These are legitimate documentation URLs (inference.sh docs, example placeholder URLs) used for user guidance.

SKILL.md:3 SKILL.md:29 SKILL.md:51 SKILL.md:110 SKILL.md:126

False Positive: Weak Cryptographic Algorithm

Static scanner flagged 'Weak cryptographic algorithm' at multiple lines. This is a scanner misinterpretation - no cryptographic algorithms are present in this skill.

SKILL.md:118

False Positive: System Reconnaissance

Static scanner flagged 'System reconnaissance' at line 118. This is a false positive - the line contains a negative_prompt parameter for image generation ('low resolution, blurry, deformed, oversaturated'), not system scanning.

監査バージョン 1

低リスク

Mar 5, 2026, 08:54 AM

Static analysis detected external commands and network patterns, but evaluation confirms these are legitimate uses of the inference.sh CLI for image generation. The backtick detections are false positives from markdown code fences. URLs point to official inference.sh service. No malicious behavior confirmed.

スキャンされたファイル

184

解析された行数

検出結果

claude

監査者

中リスクの問題 (1)

SKILL.md:15-175

External CLI Commands

Skill invokes inference.sh CLI (infsh) for image generation. This is the documented, intended behavior for this skill type.

低リスクの問題 (1)

SKILL.md:9-11 SKILL.md:181-183