Audit history
code-analysis - 6 audits
Audit version 6
Latest - Low risk - Jun 28, 2026, 04:09 AM
The static weak cryptography findings are false positives caused by readability terms such as token, serialize, and hash-related wording, not cryptographic operations. The Markdown backtick findings are also false positives from fenced examples and documented CLI usage. The skill is safe to publish with a low warning because it runs a local script that reads user-selected files and may print code snippets.
Confirmed security concerns (1)
Static false positives ignored (3)
These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.
Risk factors
⚡ Contains scripts (2)
📁 File system access (1)
⚙️ External commands (1)
Detected patterns
Audit version 5
Low risk - Jan 16, 2026, 02:43 PM
This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.
Risk factors
📁 File system access (1)
Audit version 4
Low risk - Jan 16, 2026, 02:43 PM
This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.
Risk factors
📁 File system access (1)
Audit version 3
Low risk - Jan 10, 2026, 09:51 AM
This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.
Risk factors
📁 File system access (1)
Audit version 2
Low risk - Jan 10, 2026, 09:51 AM
This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.
Risk factors
📁 File system access (1)
Audit version 1
Low risk - Jan 10, 2026, 09:51 AM
This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.