감사 이력 - wp-block-themes

감사 버전 7

최신 낮은 위험

Jun 28, 2026, 11:44 AM

Static analysis reported many high-risk patterns, but review found no malicious intent, no prompt injection, and no confirmed weak cryptography. Most command and crypto matches are Markdown backticks around WordPress terms, file paths, or documentation links. The only real concern is a local Node.js helper that reads the current repository to detect block theme folders.

8

스캔된 파일

409

분석된 줄 수

8

발견 사항

codex

감사자

낮은 위험 문제 (4)

scripts/detect_block_themes.mjs:36-67 scripts/detect_block_themes.mjs:95-113

Local Repository Filesystem Enumeration

The helper script walks the current working directory, reads theme.json files, and prints a report that includes the repository root. This is legitimate for theme detection, but it exposes local paths in command output and should only be run in intended project directories.

SKILL.md:13-16 references/creating-new-block-theme.md:13-16 references/theme-json.md:9-12 references/templates-and-parts.md:7-8 references/style-variations.md:1-7

Markdown Backtick False Positives

Many external command detections are false positives. The flagged backticks surround WordPress file names, folders, and theme.json keys in Markdown, not executable Ruby or shell code.

references/creating-new-block-theme.md:20-25 references/theme-json.md:14-19 references/theme-json.md:56-59 references/patterns.md:10-12 references/templates-and-parts.md:12-15

Documentation URL False Positives

The network findings are hardcoded links to WordPress documentation and plugin pages. No file performs fetch, HTTP requests, package installation, or data upload.

SKILL.md:3 SKILL.md:99-109 references/theme-json.md:12-18

Weak Cryptography False Positives

The high-severity weak cryptography detections appear to match the text theme.json and URLs containing json. No hashing, encryption, password handling, or cryptographic API use was found.

위험 요인

⚡ 스크립트 포함 (1)

scripts/detect_block_themes.mjs:1-116

⚙️ 외부 명령어 (2)

SKILL.md:29-32 SKILL.md:46

🌐 네트워크 접근 (6)

references/creating-new-block-theme.md:20-25 references/patterns.md:10-12 references/style-variations.md:11-13 references/templates-and-parts.md:12-15 references/theme-json.md:14-19 references/theme-json.md:56-59

📁 파일 시스템 접근 (4)

scripts/detect_block_themes.mjs:15-18 scripts/detect_block_themes.mjs:28-30 scripts/detect_block_themes.mjs:36-67 scripts/detect_block_themes.mjs:95-113

감사 버전 6

낮은 위험

Jan 16, 2026, 05:50 PM

This skill provides documentation and guidance for WordPress block theme development. The only executable script (detect_block_themes.mjs) safely reads theme.json files using bounded filesystem operations with no network access or command execution. All 92 static findings are false positives: markdown backticks are misinterpreted as shell execution, documentation URLs as network calls, and JSON content hashes as C2 indicators.

9

스캔된 파일

659

분석된 줄 수

2

발견 사항

claude

감사자

중간 위험 문제 (1)

scripts/detect_block_themes.mjs:30-47

Filesystem Read Operations for Theme Detection

Node.js fs operations for reading theme.json files

위험 요인

📁 파일 시스템 접근 (1)

scripts/detect_block_themes.mjs:15-68

감사 버전 5

낮은 위험

Jan 16, 2026, 05:50 PM

This skill provides documentation and guidance for WordPress block theme development. The only executable script (detect_block_themes.mjs) safely reads theme.json files using bounded filesystem operations with no network access or command execution. All 92 static findings are false positives: markdown backticks are misinterpreted as shell execution, documentation URLs as network calls, and JSON content hashes as C2 indicators.

9

스캔된 파일

659

분석된 줄 수

2

발견 사항

claude

감사자

중간 위험 문제 (1)

scripts/detect_block_themes.mjs:30-47

Filesystem Read Operations for Theme Detection

Node.js fs operations for reading theme.json files

위험 요인

📁 파일 시스템 접근 (1)

scripts/detect_block_themes.mjs:15-68

감사 버전 4

낮은 위험

Jan 16, 2026, 05:50 PM

This skill provides documentation and guidance for WordPress block theme development. The only executable script (detect_block_themes.mjs) safely reads theme.json files using bounded filesystem operations with no network access or command execution. All 92 static findings are false positives: markdown backticks are misinterpreted as shell execution, documentation URLs as network calls, and JSON content hashes as C2 indicators.

9

스캔된 파일

659

분석된 줄 수

2

발견 사항

claude

감사자

중간 위험 문제 (1)

Node.js fs operations for reading theme.json files

위험 요인

📁 파일 시스템 접근 (1)

scripts/detect_block_themes.mjs:15-68

감사 버전 3

낮은 위험

Jan 10, 2026, 10:42 AM

This skill provides guidance and tooling for WordPress block theme development. The included script (detect_block_themes.mjs) safely scans repositories for theme.json files with bounded filesystem access and no network or command execution capabilities. All behavior matches the stated purpose.

8

스캔된 파일

304

분석된 줄 수

2

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚡ 스크립트 포함 (1)

scripts/detect_block_themes.mjs:1-117

📁 파일 시스템 접근 (1)

scripts/detect_block_themes.mjs:15-68

감사 버전 2

낮은 위험

Jan 10, 2026, 10:42 AM

This skill provides guidance and tooling for WordPress block theme development. The included script (detect_block_themes.mjs) safely scans repositories for theme.json files with bounded filesystem access and no network or command execution capabilities. All behavior matches the stated purpose.

8

스캔된 파일

304

분석된 줄 수

2

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚡ 스크립트 포함 (1)

scripts/detect_block_themes.mjs:1-117

📁 파일 시스템 접근 (1)

scripts/detect_block_themes.mjs:15-68

감사 버전 1

낮은 위험

Jan 10, 2026, 10:42 AM

This skill provides guidance and tooling for WordPress block theme development. The included script (detect_block_themes.mjs) safely scans repositories for theme.json files with bounded filesystem access and no network or command execution capabilities. All behavior matches the stated purpose.

8

스캔된 파일

304

분석된 줄 수

2

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚡ 스크립트 포함 (1)

scripts/detect_block_themes.mjs:1-117

📁 파일 시스템 접근 (1)

scripts/detect_block_themes.mjs:15-68