스킬 allaymc-plugin-dev 감사 이력
📦

감사 이력

allaymc-plugin-dev - 6 감사들

감사 버전 6

최신 낮은 위험

Jun 28, 2026, 09:19 AM

Static analysis reported many high-risk patterns, but manual review found they come from LGPL license prose, Markdown code formatting, and legitimate git or Gradle workflow examples. No prompt injection, credential access, data exfiltration, obfuscated code, or malicious network behavior was found in LICENSE, README.md, or SKILL.md. The skill is low risk because it can guide users or agents to run standard development commands and read local reference paths.

3
스캔된 파일
647
분석된 줄 수
6
발견 사항
codex
감사자
낮은 위험 문제 (4)
LICENSE:15LICENSE:21LICENSE:28LICENSE:68LICENSE:83-90LICENSE:235-241LICENSE:306-312LICENSE:387
Static License Text Matches Are False Positives
Verdict: FALSE_POSITIVE. The reported weak cryptography and reconnaissance hits in LICENSE are standard LGPL prose. The cited lines contain license language about software freedom, libraries, source copies, offers, and operating systems, not executable code or cryptographic APIs.
README.md:9-12README.md:19-20README.md:27-34README.md:47-50SKILL.md:23-35SKILL.md:39-46SKILL.md:50-58SKILL.md:62-64SKILL.md:68-82
Markdown Backticks Flagged as Shell Execution
Verdict: FALSE_POSITIVE with a low operational caution. README.md and SKILL.md use Markdown backticks and fenced bash examples for installation, updates, and AllayGradle build tasks. These are transparent developer commands, not hidden Ruby backtick execution or command injection.
README.md:14-15SKILL.md:23-24SKILL.md:74-82
Path References Are Documentation, Not Traversal
Verdict: FALSE_POSITIVE with a low operational caution. README.md references installation directories, including a Codex skills path, and SKILL.md references template and API paths under references. The ellipsis in a Java source path is explanatory shorthand, not a traversal directive outside the project.
SKILL.md:3SKILL.md:28SKILL.md:37SKILL.md:69
Skill Metadata Keyword Matches Are False Positives
Verdict: FALSE_POSITIVE. Static hits in SKILL.md around the description, Gradle metadata, lifecycle heading, and API mismatch troubleshooting are ordinary AllayMC plugin guidance. They do not show weak cryptography, network reconnaissance, or system reconnaissance intent.

위험 요인

⚙️ 외부 명령어 (4)
README.md:9-12 README.md:19-20 README.md:27-34 SKILL.md:62-64
📁 파일 시스템 액세스 (3)
README.md:14-15 SKILL.md:23-24 SKILL.md:74-82

감사 버전 5

안전

Jan 16, 2026, 03:04 PM

This is a prompt-only documentation skill containing guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. Static findings are false positives triggered by markdown documentation patterns (backticks in code blocks) and LGPL-2.1 license legal text. The skill reads reference materials via user-initialized git submodules.

4
스캔된 파일
858
분석된 줄 수
2
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚙️ 외부 명령어 (67)
README.md:9-12 README.md:12-14 README.md:14 README.md:14-15 README.md:15 README.md:15-19 README.md:19-21 README.md:21-27 README.md:27-29 README.md:29-33 README.md:33-35 README.md:35-47 README.md:47-48 README.md:48-49 README.md:49-50 README.md:50-52 SKILL.md:23 SKILL.md:24 SKILL.md:28 SKILL.md:28 SKILL.md:28 SKILL.md:28 SKILL.md:29 SKILL.md:31 SKILL.md:32 SKILL.md:33 SKILL.md:34 SKILL.md:34 SKILL.md:35 SKILL.md:35 SKILL.md:39 SKILL.md:41 SKILL.md:42 SKILL.md:43 SKILL.md:44 SKILL.md:44 SKILL.md:45 SKILL.md:45 SKILL.md:46 SKILL.md:50 SKILL.md:51 SKILL.md:52 SKILL.md:53 SKILL.md:54 SKILL.md:55 SKILL.md:56 SKILL.md:57 SKILL.md:58 SKILL.md:58 SKILL.md:62 SKILL.md:63 SKILL.md:64 SKILL.md:64 SKILL.md:68 SKILL.md:68 SKILL.md:68 SKILL.md:68 SKILL.md:69 SKILL.md:70 SKILL.md:74 SKILL.md:75 SKILL.md:76 SKILL.md:77 SKILL.md:78 SKILL.md:80 SKILL.md:81 SKILL.md:82
📁 파일 시스템 액세스 (3)
README.md:15 README.md:15 SKILL.md:77

감사 버전 4

안전

Jan 16, 2026, 03:04 PM

This is a prompt-only documentation skill containing guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. Static findings are false positives triggered by markdown documentation patterns (backticks in code blocks) and LGPL-2.1 license legal text. The skill reads reference materials via user-initialized git submodules.

4
스캔된 파일
858
분석된 줄 수
2
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚙️ 외부 명령어 (67)
README.md:9-12 README.md:12-14 README.md:14 README.md:14-15 README.md:15 README.md:15-19 README.md:19-21 README.md:21-27 README.md:27-29 README.md:29-33 README.md:33-35 README.md:35-47 README.md:47-48 README.md:48-49 README.md:49-50 README.md:50-52 SKILL.md:23 SKILL.md:24 SKILL.md:28 SKILL.md:28 SKILL.md:28 SKILL.md:28 SKILL.md:29 SKILL.md:31 SKILL.md:32 SKILL.md:33 SKILL.md:34 SKILL.md:34 SKILL.md:35 SKILL.md:35 SKILL.md:39 SKILL.md:41 SKILL.md:42 SKILL.md:43 SKILL.md:44 SKILL.md:44 SKILL.md:45 SKILL.md:45 SKILL.md:46 SKILL.md:50 SKILL.md:51 SKILL.md:52 SKILL.md:53 SKILL.md:54 SKILL.md:55 SKILL.md:56 SKILL.md:57 SKILL.md:58 SKILL.md:58 SKILL.md:62 SKILL.md:63 SKILL.md:64 SKILL.md:64 SKILL.md:68 SKILL.md:68 SKILL.md:68 SKILL.md:68 SKILL.md:69 SKILL.md:70 SKILL.md:74 SKILL.md:75 SKILL.md:76 SKILL.md:77 SKILL.md:78 SKILL.md:80 SKILL.md:81 SKILL.md:82
📁 파일 시스템 액세스 (3)
README.md:15 README.md:15 SKILL.md:77

감사 버전 3

안전

Jan 10, 2026, 10:15 AM

This is a prompt-only skill containing documentation and guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. References external git submodules that are initialized by the user.

4
스캔된 파일
653
분석된 줄 수
0
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

감사 버전 2

안전

Jan 10, 2026, 10:15 AM

This is a prompt-only skill containing documentation and guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. References external git submodules that are initialized by the user.

4
스캔된 파일
653
분석된 줄 수
0
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

감사 버전 1

안전

Jan 10, 2026, 10:15 AM

This is a prompt-only skill containing documentation and guidance for AllayMC plugin development. No executable code, scripts, network operations, or file system access beyond the skill's own directory. References external git submodules that are initialized by the user.

4
스캔된 파일
653
분석된 줄 수
0
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다
← 스킬로 돌아가기