스킬 tech-stack-evaluator 감사 이력
📦

감사 이력

tech-stack-evaluator - 4 감사들

감사 버전 4

최신 낮은 위험

Jun 28, 2026, 09:09 AM

The static analyzer reported a critical heuristic, but review found no command execution, network client usage, secret harvesting, obfuscation, or prompt injection attempt. Most high and medium matches are false positives from markdown examples, security terminology, URL parsing, and technology evaluation vocabulary. Residual risk is low because the skill contains Python scripts, checks one non-secret environment variable, and can write a report to a caller-provided filename.

15
스캔된 파일
5,083
분석된 줄 수
8
발견 사항
codex
감사자
낮은 위험 문제 (5)
README.md:185-220HOW_TO_USE.md:168-174report_generator.py:38
Static Critical Heuristic Dismissed
The scanner combined markdown backticks, documentation URLs, and an API key placeholder into a critical heuristic. Review found no subprocess, eval, exec, network client, credential read, or exfiltration behavior in the Python modules.
security_assessor.py:15-20README.md:294-335SKILL.md:285-304
Security Terminology Misclassified as Dangerous Keywords
C2, weak cryptography, and certificate/key alerts are triggered by normal technology evaluation language such as compliance standards, encryption readiness, and scoring terms. No evidence found of malware control logic or cryptographic implementation.
SKILL.md:150-154HOW_TO_USE.md:9-12README.md:185-195
Markdown Command Blocks Misclassified as Shell Execution
External command alerts are caused by markdown fences and example prompts in documentation. These examples are not executable code paths and no Python shell execution APIs were found.
report_generator.py:34-46
Non-Secret Environment Context Check
report_generator.py reads CLAUDE_DESKTOP to choose desktop or CLI report formatting. This is environment access, but it does not read API keys, tokens, passwords, or other secrets.
report_generator.py:444-458
User-Directed Report File Write
The report export helper writes generated markdown to the filename supplied by the caller. This is expected functionality, but callers should avoid untrusted or sensitive output paths.

위험 요인

⚡ 스크립트 포함 (3)
stack_comparator.py:1-10 security_assessor.py:1-10 report_generator.py:1-10
📁 파일 시스템 액세스 (1)
report_generator.py:444-458
🔑 환경 변수 (1)
report_generator.py:38

감사 버전 3

안전

Jan 16, 2026, 02:58 PM

All 219 static findings are false positives. The scanner detected benign documentation patterns including security terminology, code block formatting, and technology names. No actual code execution, network requests, or credential access exists. Uses Python standard library only.

16
스캔된 파일
5,387
분석된 줄 수
3
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚡ 스크립트 포함 (3)
stack_comparator.py:1-50 security_assessor.py:1-50 format_detector.py:1-50
📁 파일 시스템 액세스 (1)
report_generator.py:444-461
🔑 환경 변수 (1)
report_generator.py:38

감사 버전 2

안전

Jan 16, 2026, 02:58 PM

All 219 static findings are false positives. The scanner detected benign documentation patterns including security terminology, code block formatting, and technology names. No actual code execution, network requests, or credential access exists. Uses Python standard library only.

16
스캔된 파일
5,387
분석된 줄 수
3
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚡ 스크립트 포함 (3)
stack_comparator.py:1-50 security_assessor.py:1-50 format_detector.py:1-50
📁 파일 시스템 액세스 (1)
report_generator.py:444-461
🔑 환경 변수 (1)
report_generator.py:38

감사 버전 1

안전

Jan 15, 2026, 12:01 PM

All 190 static findings are false positives. The skill is a legitimate technology evaluation tool. Flags were triggered by security/compliance documentation keywords, bash command examples in markdown, and URL references - not malicious code patterns.

14
스캔된 파일
4,847
분석된 줄 수
2
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

📁 파일 시스템 액세스 (1)
report_generator.py:457
🔑 환경 변수 (1)
report_generator.py:38
← 스킬로 돌아가기