
Audit history

api-jwt-authenticator - 6 audits

Audit version 6

Latest, low risk

Jun 28, 2026, 03:48 AM

Static analysis flagged Markdown backticks, JWT terminology, and HTTP authentication documentation as suspicious patterns. Review found no executable code, shell invocation, prompt injection, malware behavior, or data exfiltration in SKILL.md. The skill is a conceptual security guide and is safe to publish with low residual risk.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 3
Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False Positive: Markdown Formatting Flagged as Shell Execution
The flagged locations use Markdown inline code for an Authorization header and JWT claim names. They do not contain Ruby code, shell execution, command substitution, or user-controlled command construction.
The evidence is plain Markdown documentation. The surrounding text describes token format and claims, not executable Ruby or shell behavior.
Low
False Positive: Weak Cryptography Pattern Not Confirmed
The flagged lines do not specify a weak signing algorithm or unsafe cryptographic implementation. Line 7 is the skill description, and line 128 discusses testing error response formats.
No cryptographic algorithm is named at either location. The skill recommends validating JWT signatures and expiration but does not prescribe insecure crypto.
Low
False Positive: System Reconnaissance Pattern Not Confirmed
The flagged locations describe HTTP status handling, token structure, information disclosure avoidance, and authentication tests. They do not collect host data, enumerate files, or inspect the runtime environment.
The context is API authentication guidance. No commands, filesystem reads, environment probing, or network discovery instructions are present.
No security issues found
Auditor: codex

Audit version 5

Safe

Jan 16, 2026, 03:39 PM

This is a pure documentation skill providing conceptual guidance for implementing JWT authentication in FastAPI APIs. Contains no executable code, no network calls, no filesystem operations, and no external command execution. The static analysis findings are false positives triggered by security-related terminology in documentation (JWT, authorization, tokens, roles) and metadata fields. All 27 static findings are dismissed as keyword-pattern false positives.

Files scanned: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 03:39 PM

This is a pure documentation skill providing conceptual guidance for implementing JWT authentication in FastAPI APIs. Contains no executable code, no network calls, no filesystem operations, and no external command execution. The static analysis findings are false positives triggered by security-related terminology in documentation (JWT, authorization, tokens, roles) and metadata fields. All 27 static findings are dismissed as keyword-pattern false positives.

Files scanned: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude