감사 이력 - styling-with-shadcn

감사 버전 6

최신 중간 위험

Jun 28, 2026, 11:31 AM

Static analysis reported many high-risk patterns, but review found the weak-crypto and Ruby backtick alerts are false positives from markdown code fences, color tokens, and UI examples. The skill does contain legitimate package installation commands and one Google Fonts import, so publication is reasonable with a supply-chain and external-network warning. No prompt-injection text, credential exfiltration, destructive command, or malicious intent was found.

4

스캔된 파일

1,268

분석된 줄 수

5

발견 사항

codex

감사자

중간 위험 문제 (1)

SKILL.md:16-30 SKILL.md:299-301 references/component-examples.md:356-360 references/taskflow-theme.md:102-107

Remote Package Installation Commands

The skill instructs users to run npx shadcn@latest, npm install next-themes, font package installation, and the local verify script. These commands are expected for a shadcn/ui setup guide, but they execute package-manager workflows and should be reviewed before use.

낮은 위험 문제 (2)

references/taskflow-theme.md:372

External Font Import in CSS Example

The theme reference includes a Google Fonts @import URL. This is a real external network dependency if copied into an application, but it does not send secrets or perform suspicious requests.

SKILL.md:16-30 references/component-examples.md:7-18 references/taskflow-theme.md:13-18

Static Analyzer False Positives in Markdown Examples

The reported Ruby backtick execution, weak cryptographic algorithm, and system reconnaissance alerts are not supported by semantic review. They come from markdown code fences, inline code formatting, UI words such as destructive or blocked, CSS colors, and ordinary component examples.

위험 요인

⚙️ 외부 명령어 (4)

SKILL.md:16-30 SKILL.md:299-301 references/component-examples.md:356-360 references/taskflow-theme.md:102-107

🌐 네트워크 접근 (1)

references/taskflow-theme.md:372

감지된 패턴

Package Manager Commands in DocumentationExternal Stylesheet Dependency

감사 버전 5

안전

Jan 16, 2026, 04:36 PM

Documentation-only skill containing code examples and reference files for shadcn/ui component patterns. The verify.py script only checks for file existence. All 144 static findings are false positives from the analyzer misinterpreting markdown code fences as shell commands and CSS HSL color values as cryptographic algorithms.

5

스캔된 파일

1,472

분석된 줄 수

2

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚙️ 외부 명령어 (82)

🌐 네트워크 접근 (1)

references/taskflow-theme.md:372

감사 버전 4

안전

Jan 16, 2026, 04:36 PM

Documentation-only skill containing code examples and reference files for shadcn/ui component patterns. The verify.py script only checks for file existence. All 144 static findings are false positives from the analyzer misinterpreting markdown code fences as shell commands and CSS HSL color values as cryptographic algorithms.

5

스캔된 파일

1,472

분석된 줄 수

2

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚙️ 외부 명령어 (82)

🌐 네트워크 접근 (1)

references/taskflow-theme.md:372

감사 버전 3

안전

Jan 10, 2026, 10:25 AM

Pure documentation skill containing only code examples and reference files. No executable code that reads sensitive data, makes network calls, or executes external commands. The verify.py script only checks for file existence.

4

스캔된 파일

1,268

분석된 줄 수

0

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

감사 버전 2

안전

Jan 10, 2026, 10:25 AM

Pure documentation skill containing only code examples and reference files. No executable code that reads sensitive data, makes network calls, or executes external commands. The verify.py script only checks for file existence.

4

스캔된 파일

1,268

분석된 줄 수

0

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

감사 버전 1

안전

Jan 10, 2026, 10:25 AM

Pure documentation skill containing only code examples and reference files. No executable code that reads sensitive data, makes network calls, or executes external commands. The verify.py script only checks for file existence.

4

스캔된 파일

1,268

분석된 줄 수

0

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다