Skill swarm-planner audit history

Audit history

swarm-planner - 2 audits

Audit version 2

Latest, Low risk

Jun 28, 2026, 09:00 AM

Static shell-execution and weak-cryptography findings are false positives from Markdown backticks, example task IDs, empty arrays, and the word description. No malicious intent, prompt injection, executable payload, credential access, or exfiltration pattern was found in SKILL.md. The skill has low operational risk because it asks agents to fetch documentation and save a plan file in the current workspace.

Files scanned: 1
Lines analyzed: 180
Findings: 5
Auditor: codex

Low-risk issues (3)
Markdown Backticks Misidentified as Shell Execution
FALSE_POSITIVE: The static Ruby shell execution alerts point to Markdown inline code, fenced examples, and template syntax. SKILL.md contains instructions for planning, not Ruby code or shell backtick execution.
Text Tokens Misidentified as Weak Cryptography
FALSE_POSITIVE: The weak cryptography alerts appear to match ordinary prose and template labels such as description. No hashing, encryption, cipher selection, or cryptographic API usage appears in SKILL.md.
Plan File Write and Documentation Lookup
TRUE_POSITIVE_LOW: The skill asks the agent to use documentation retrieval and save a Markdown plan in the current working directory. This is expected for the skill purpose, but users should understand it may use network-backed documentation tools and create a local file.

Risk factors

🌐 Network access (1)
📁 File system access (1)

Audit version 1

Safe

Mar 6, 2026, 08:49 AM

Static scanner flagged 18 patterns (12 external_commands, 6 weak_crypto). Manual review confirms these are FALSE POSITIVES: backticks are markdown syntax for example task IDs (T1, depends_on: []), and 'description' is a documentation field, not cryptographic code. No shell execution, no crypto algorithms, no security risks present.

Files scanned: 1
Lines analyzed: 180
Findings: 0
Auditor: claude

No security issues found