
Audit history

frontend-api-client-with-jwt - 6 audits

Audit version 6

Latest: Medium risk

Jun 28, 2026, 03:53 AM

The static findings are documentation terms in SKILL.md, not executable code, command execution, scanning, or exfiltration behavior. One semantic concern remains: the skill lists localStorage as a JWT storage option without enough warning about XSS exposure, so publication should include a security warning.

Files scanned: 1
Lines analyzed: 171
Review items: 3
False positives ignored: 0

Confirmed security concerns (3)

Medium
Security-Sensitive Token Storage Guidance
Static verdict: TRUE POSITIVE as a guidance risk, not as executable malware. The skill lists browser storage options for JWT tokens, including localStorage, which can expose bearer tokens to XSS if used without strong safeguards.
The line explicitly names token storage mechanisms in JWT guidance. The file is prose rather than code, so the risk is insecure implementation advice rather than direct credential access.
Low
False Positive: JWT and HTTP Status Terminology
Static verdict: FALSE POSITIVE. The weak cryptographic algorithm detections point to a JWT description and an HTTP 200-299 status range, with no cryptographic API, algorithm selection, or hashing implementation present.
Both locations are plain documentation text. I found no code path, crypto function, or recommendation to use a weak algorithm.
Low
False Positive: Reconnaissance Terms in API Guidance
Static verdict: FALSE POSITIVE. The system and network reconnaissance detections are ordinary API-client documentation about valid tokens, HTTP 401 handling, context access, error messages, refresh performance, and token tests.
The referenced lines contain no shell commands, port scanning, host discovery, probing loops, or data collection behavior. They are conceptual guidance for API request handling and tests.
Auditor: codex
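The medium finding above says a bearer JWT kept in localStorage is readable by any script that runs in the page. The following added example (not code from the audited skill or its author) shows that exposure and one mitigation: holding the access token in a closure that exposes only an authenticated fetch. The `FakeLocalStorage` class, the `SAMPLE_JWT` string, the `api.example.test` URL and the recording fetch are all constructed stand-ins so the block runs under Node without a browser.

```javascript
// Added example: why a JWT in localStorage is exposed to XSS, and a
// closure-held token as one mitigation. Everything here is constructed.

// Constructed stand-in for window.localStorage so the example runs in Node.
class FakeLocalStorage {
  constructor() { this.store = new Map(); }
  setItem(key, value) { this.store.set(key, String(value)); }
  getItem(key) { return this.store.has(key) ? this.store.get(key) : null; }
  removeItem(key) { this.store.delete(key); }
}
const pageStorage = new FakeLocalStorage();

// Constructed token: JWT-shaped, not signed by anything real.
const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyLTQyIn0.c2lnbmF0dXJl';

// --- Pattern the audit flagged: token persisted in localStorage ---
function storeTokenInLocalStorage(token) {
  pageStorage.setItem('access_token', token);
}

// What an injected script (XSS payload) can do against that pattern: read
// the token directly and hand it to an attacker-controlled sink for replay.
function xssPayloadAgainstLocalStorage(exfil) {
  const stolen = pageStorage.getItem('access_token');
  if (stolen !== null) exfil(stolen);
  return stolen;
}

// --- Hardened alternative: token lives only in a closure ---
function createTokenClient(fetchImpl) {
  let accessToken = null; // not reachable through any storage API or global
  return {
    setToken(token) { accessToken = token; },
    clearToken() { accessToken = null; },
    hasToken() { return accessToken !== null; },
    // The only way the token leaves the closure: as an Authorization header.
    async fetchWithAuth(url, init = {}) {
      const headers = { ...(init.headers || {}) };
      if (accessToken !== null) headers.Authorization = `Bearer ${accessToken}`;
      return fetchImpl(url, { ...init, headers });
    },
  };
}

// The same payload against the closure-based client finds no storage key and
// no global holding the token. It could still call fetchWithAuth on the user's
// behalf (session riding), so this limits token theft; it does not fix XSS.
function xssPayloadAgainstClosure() {
  const fromStorage = pageStorage.getItem('access_token');
  const fromGlobal = globalThis.accessToken === undefined ? null : globalThis.accessToken;
  return fromStorage !== null ? fromStorage : fromGlobal;
}

// Constructed fetch that records the Authorization header it was given.
function makeRecordingFetch() {
  const calls = [];
  const fetchImpl = async (url, init) => {
    calls.push({ url, auth: init.headers.Authorization });
    return { status: 200 };
  };
  return { fetchImpl, calls };
}

// Runs both scenarios and returns what each payload managed to steal.
async function demo() {
  const exfiltrated = [];
  storeTokenInLocalStorage(SAMPLE_JWT);
  xssPayloadAgainstLocalStorage((t) => exfiltrated.push(t));
  pageStorage.removeItem('access_token');

  const { fetchImpl, calls } = makeRecordingFetch();
  const client = createTokenClient(fetchImpl);
  client.setToken(SAMPLE_JWT);
  await client.fetchWithAuth('https://api.example.test/me');
  const stolenFromClosure = xssPayloadAgainstClosure();
  return { exfiltrated, stolenFromClosure, authHeader: calls[0].auth };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

The closure approach trades persistence for exposure: the token is gone on reload, so it pairs with a short-lived access token and a refresh mechanism (an HttpOnly, SameSite cookie is the usual choice) rather than replacing them.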

Audit version 5

Safe

Jan 16, 2026, 03:45 PM

This skill contains only documentation describing JWT API client patterns for Next.js. No executable code, scripts, or network capabilities are present. Purely a conceptual guide for developers. All static findings are false positives from keyword detection in documentation - there is no code to execute, no network requests to make, and no credentials to exfiltrate.

Files scanned: 1
Lines analyzed: 171
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 03:45 PM

This skill contains only documentation describing JWT API client patterns for Next.js. No executable code, scripts, or network capabilities are present. Purely a conceptual guide for developers. All static findings are false positives from keyword detection in documentation - there is no code to execute, no network requests to make, and no credentials to exfiltrate.

Files scanned: 1
Lines analyzed: 171
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:50 AM

This skill contains only documentation describing JWT API client patterns for Next.js. No executable code, scripts, or network capabilities are present. Purely a conceptual guide for developers.

Files scanned: 1
Lines analyzed: 171
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:50 AM

This skill contains only documentation describing JWT API client patterns for Next.js. No executable code, scripts, or network capabilities are present. Purely a conceptual guide for developers.

Files scanned: 1
Lines analyzed: 171
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:50 AM

This skill contains only documentation describing JWT API client patterns for Next.js. No executable code, scripts, or network capabilities are present. Purely a conceptual guide for developers.

Files scanned: 1
Lines analyzed: 171
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude