code-analysis skill audit history

Audit history

code-analysis - 6 audits

Audit version 6

Latest - Low risk

Jun 28, 2026, 04:09 AM

The static weak cryptography findings are false positives caused by readability terms such as token, serialize, and hash-related wording, not cryptographic operations. The Markdown backtick findings are also false positives from fenced examples and documented CLI usage. The skill is safe to publish with a low warning because it runs a local script that reads user-selected files and may print code snippets.

Files scanned: 2
Lines analyzed: 736
Review items: 4
False positives ignored: 3

Confirmed security concerns (1)

Low
Local File Read Requires User Care
The analyzer accepts a user-provided --path value, checks that the path exists, and reads the file contents for analysis. This is expected for a readability tool, but users should avoid scanning files that contain secrets or sensitive source because snippets can be included in output.
The code clearly reads local files from a user-supplied path and can report snippets. No evidence found of network exfiltration, shell execution, or hidden persistence.
Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
Weak Cryptography Static Findings Are False Positives
The flagged locations use words such as token, serialize, JSON, and descriptions for readability issues. No evidence found of weak hashing, encryption, or cryptographic APIs in the scanned files.
The reviewed locations are static text, comments, labels, or readability suggestions. They do not call MD5, SHA-1, encryption routines, random generators, or password handling logic.
Low
Markdown Backtick Static Findings Are False Positives
The SKILL.md findings are Markdown fenced examples and documented usage for running the local analyzer. They are not Ruby shell backticks and do not create hidden command execution.
The backticks delimit Markdown code blocks. The only command shown is an explicit user-facing python3 invocation for the local script.
Low
System Reconnaissance Static Finding Is False Positive
The line flagged for system reconnaissance resets an internal counter after reporting a readability issue. No evidence found of host enumeration, system probing, or environment collection.
The line is a local state reset inside comment-ratio analysis. It has no operating system calls, network calls, or data collection behavior.

Risk factors

⚡ Includes scripts (2)
📁 File system access (1)
⚙️ External commands (1)

Detected patterns

User-Selected Local File Reading
Auditor: codex
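The distinction the audit above relies on, keyword hits from a static scanner versus what a semantic pass can actually confirm, is shown below as an added example. It is not the code-analysis skill's code and not the registry's scanner: the three STATIC_RULES are constructed stand-ins for generic patterns of the kind that matched "token", "hash", "serialize", "webhook" and Markdown fences; the sample analyzer excerpt, the SKILL.md excerpt (including the `scripts/analyze.py` path) and the positive-control snippet are all constructed for illustration. The AST pass confirms a finding only when a weak hash, a shell call or a network module is really imported or called.

```python
import ast
import re

# Constructed analyzer excerpt: the crypto and C2 words appear only as
# vocabulary in a jargon list; nothing cryptographic or networked is called.
SAMPLE_PY = '''
JARGON = {"webhook", "serialize", "token", "hash map"}

def check_names(line, issues):
    # Flag terse identifiers such as usr_tkn, tmp, idx
    for name in line.split():
        if name in {"usr_tkn", "tmp", "idx"}:
            issues.append(f"Terse identifier: {name}")

def comment_ratio(lines):
    run = 0
    for line in lines:
        if line.strip().startswith("#"):
            run += 1
        else:
            run = 0   # reset counter after a comment block
    return run
'''

# Constructed SKILL.md excerpt; the fence is assembled from pieces so that
# this file does not contain a literal fence marker.
FENCE = "`" * 3
SAMPLE_MD = "\n".join([
    "# code-analysis", "", "Run the analyzer on a file:", "",
    FENCE + "bash", "python3 scripts/analyze.py --path src/app.py", FENCE, "",
    "Output lines use `issue: message` format.",
])

# Constructed positive control: a real weak hash and a real shell call.
SAMPLE_BAD = '''
import hashlib, os
digest = hashlib.md5(b"password").hexdigest()
os.system("uname -a")
'''

STATIC_RULES = {   # constructed keyword rules, not the registry's real ones
    "weak-crypto": re.compile(r"\b(md5|sha1|token|hash|serialize)\b", re.I),
    "backtick-exec": re.compile(r"`{3}|`[^`\n]*`"),
    "c2-keywords": re.compile(r"\b(webhook|beacon|c2)\b", re.I),
}
WEAK_HASH_CALLS = {"hashlib.md5", "hashlib.sha1"}
EXEC_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
              "subprocess.call", "subprocess.check_output"}
NETWORK_MODULES = {"socket", "urllib", "http", "requests"}

def static_hits(text):
    """Keyword pass: every regex match, with no regard to context."""
    hits = []
    for rule, rx in STATIC_RULES.items():
        for m in rx.finditer(text):
            hits.append((rule, text.count("\n", 0, m.start()) + 1, m.group(0)))
    return hits

def _dotted(node):
    """'mod.attr' for a call target built from Name/Attribute only, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def semantic_findings(py_source):
    """Confirm only what the AST shows being imported or called."""
    tree = ast.parse(py_source)
    aliases, confirmed = {}, []
    for node in ast.walk(tree):                      # pass 1: resolve imports
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            base = getattr(node, "module", None)
            for a in node.names:
                full = f"{base}.{a.name}" if base else a.name
                aliases[a.asname or a.name] = full
                if full.split(".")[0] in NETWORK_MODULES:
                    confirmed.append(("network", node.lineno, full))
    for node in ast.walk(tree):                      # pass 2: inspect calls
        if isinstance(node, ast.Call) and (name := _dotted(node.func)):
            root, _, rest = name.partition(".")
            full = aliases.get(root, root) + ("." + rest if rest else "")
            if full in WEAK_HASH_CALLS:
                confirmed.append(("weak-crypto", node.lineno, full))
            elif full in EXEC_CALLS:
                confirmed.append(("exec", node.lineno, full))
    return sorted(confirmed, key=lambda f: f[1])

def markdown_exec_findings(md):
    """Backticks count only outside fenced blocks and when not paired inline code."""
    findings, in_fence = [], False
    for no, line in enumerate(md.splitlines(), 1):
        if line.startswith(FENCE):
            in_fence = not in_fence                  # fence delimiter, not a shell
            continue
        if in_fence or "`" not in line or re.search(r"`[^`]+`", line):
            continue
        findings.append(("backtick-exec", no, line.strip()))
    return findings

def triage(py_source, md_source):
    """Raw keyword hit count next to what survives semantic review."""
    return {
        "static_hits": len(static_hits(py_source)) + len(static_hits(md_source)),
        "confirmed": semantic_findings(py_source) + markdown_exec_findings(md_source),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_PY, SAMPLE_MD))     # keyword hits, nothing confirmed
    print(semantic_findings(SAMPLE_BAD))    # the control is confirmed
```

The keyword pass is what produces the "44 static findings" style of count; the AST pass is the cheap form of the semantic review that dismissed them. Its alias map matters: `from hashlib import md5 as h` must still resolve to `hashlib.md5`, otherwise a real weak hash slips past exactly the way the harmless word "hash" slips in.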

Audit version 5

Low risk

Jan 16, 2026, 02:43 PM

This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.

Files scanned: 3
Lines analyzed: 929
Review items: 1
False positives ignored: 0

Risk factors

📁 File system access (1)
Auditor: claude
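The one confirmed concern in this history is that an analyzer which reads a user-supplied path and prints snippets will echo whatever sits near a flagged line, secrets included. The following is an added example, not the skill's code: a toy analyzer with the shape the audits describe (an argparse `--path` argument, an existence check, a local read, issue snippets with one line of context) beside a redaction guard applied to snippets before output. The readability checks, the secret heuristics and the sample source are constructed stand-ins.

```python
import argparse
import re
from pathlib import Path

# Constructed input: a credential sits on the line next to a readability issue.
SAMPLE_SOURCE = '''
import os

API_KEY = "sk_live_EXAMPLEKEY0000000000"   # constructed, not a real key
tmp = os.environ.get("HOME")
def p(x, y, z, q): return x + y + z + q
'''

# Constructed secret heuristics as (pattern, replacement); not exhaustive.
SECRET_PATTERNS = [
    (re.compile(r"""(?i)(\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*["'])((?!\[REDACTED\])[^"']+)(["'])"""),
     r"\1[REDACTED]\3"),
    (re.compile(r"\b(?:sk|pk)_(?:live|test)_[A-Za-z0-9]{8,}\b"), "[REDACTED]"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED]"),
]

def redact(line):
    """Replace secret-looking values in one snippet line with a placeholder."""
    for rx, repl in SECRET_PATTERNS:
        line = rx.sub(repl, line)
    return line

def contains_secret(line):
    return any(rx.search(line) for rx, _ in SECRET_PATTERNS)

def find_issues(lines):
    """Toy readability checks standing in for the skill's real rules."""
    issues = []
    for no, line in enumerate(lines, 1):
        m = re.match(r"\s*([a-z]{1,3})\s*=", line)
        if m:
            issues.append((no, f"terse name '{m.group(1)}'"))
        m = re.match(r"\s*def \w+\(([^)]*)\)", line)
        if m and len([p for p in m.group(1).split(",") if p.strip()]) > 3:
            issues.append((no, "too many parameters"))
    return issues

def report(text, redact_snippets=True, context=1):
    """Issues with a snippet window; the window is where neighbouring secrets leak."""
    lines = text.splitlines()
    out = []
    for no, msg in find_issues(lines):
        lo, hi = max(1, no - context), min(len(lines), no + context)
        window = [lines[i - 1] for i in range(lo, hi + 1)]
        if redact_snippets:
            window = [redact(l) for l in window]
        out.append({"line": no, "issue": msg, "snippet": window})
    return out

def leaks(entries):
    """Snippet lines in a finished report that still carry a secret-looking value."""
    return [l for e in entries for l in e["snippet"] if contains_secret(l)]

def main(argv=None):
    ap = argparse.ArgumentParser(description="toy readability report with snippet redaction")
    ap.add_argument("--path", help="file to analyze; omit to use the constructed sample")
    ap.add_argument("--raw-snippets", action="store_true", help="disable redaction")
    args = ap.parse_args(argv)
    if args.path:
        path = Path(args.path)
        if not path.is_file():           # existence check, as the audit describes
            ap.error(f"{path} is not a regular file")
        text = path.read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE_SOURCE
    entries = report(text, redact_snippets=not args.raw_snippets)
    for e in entries:
        print(f"line {e['line']}: {e['issue']}")
        for l in e["snippet"]:
            print("    " + l)
    if leaks(entries):
        print("warning: report contains secret-looking values")

if __name__ == "__main__":
    main()
```

Run it with `--path` on a real file, or without arguments to see the constructed sample: the terse `tmp` finding pulls the `API_KEY` line into its snippet, and only the redacted report is safe to paste into a ticket or a model transcript. The guard is a mitigation for the user, not a reason to scan files that hold secrets; the audit's advice to avoid such files still stands.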

Audit version 4

Low risk

Jan 16, 2026, 02:43 PM

This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.

Files scanned: 3
Lines analyzed: 929
Review items: 1
False positives ignored: 0

Risk factors

📁 File system access (1)
Auditor: claude

Audit version 3

Low risk

Jan 10, 2026, 09:51 AM

This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.

Files scanned: 2
Lines analyzed: 736
Review items: 1
False positives ignored: 0

Risk factors

📁 File system access (1)
Auditor: claude

Audit version 2

Low risk

Jan 10, 2026, 09:51 AM

This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.

Files scanned: 2
Lines analyzed: 736
Review items: 1
False positives ignored: 0

Risk factors

📁 File system access (1)
Auditor: claude

Audit version 1

Low risk

Jan 10, 2026, 09:51 AM

This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.

Files scanned: 2
Lines analyzed: 736
Review items: 1
False positives ignored: 0

Risk factors

📁 File system access (1)
Auditor: claude