Skill shadcn-framer audit history

Audit history

shadcn-framer - 6 audits

Audit version 6

Latest, medium risk

Jun 28, 2026, 01:11 PM

Static external-command hits mostly match Markdown code fences and TypeScript examples, so those are false positives. The setup section does contain real pnpm dlx commands that execute the latest ShadCN package, which is legitimate but carries supply-chain risk if run without review. The weak cryptography alerts are false positives from words such as description and CardDescription, with no cryptographic code found.

Files scanned: 1
Lines analyzed: 209
Findings: 4
Auditor: codex
Medium-risk issues (1)
Unpinned External Package Execution
The setup instructions run pnpm dlx shadcn@latest init and add commands. This is normal for ShadCN setup, but it executes code from the package registry without pinning a reviewed version.
Low-risk issues (2)
Markdown Code Fence Static False Positives
The Ruby or shell backtick findings correspond to Markdown code block delimiters around examples. They do not indicate dynamic Ruby execution or hidden shell execution inside the skill file.
Weak Cryptography Static False Positives
The weak cryptographic algorithm alerts match ordinary prose and component identifiers, including description and CardDescription. No hashing, encryption, or cryptographic API usage is present in the reviewed file.

Risk factors

External commands (1)

Detected patterns

External Command Setup Instructions

Audit version 5

Safe

Jan 16, 2026, 05:31 PM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. All 31 static findings are false positives: shell command detections are TypeScript code blocks, crypto algorithm flags are animation variant names like 'hidden', and reconnaissance flags are animation state names like 'show'. No executable code, network calls, filesystem access, or external commands detected.

Files scanned: 2
Lines analyzed: 385
Findings: 1
Auditor: claude
No security issues found.

Audit version 4

Safe

Jan 16, 2026, 05:31 PM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. All 31 static findings are false positives: shell command detections are TypeScript code blocks, crypto algorithm flags are animation variant names like 'hidden', and reconnaissance flags are animation state names like 'show'. No executable code, network calls, filesystem access, or external commands detected.

Files scanned: 2
Lines analyzed: 385
Findings: 1
Auditor: claude
No security issues found.

Audit version 3

Safe

Jan 10, 2026, 11:04 AM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. No executable code, network calls, filesystem access, or external commands detected. Contains only documentation and code samples.

Files scanned: 1
Lines analyzed: 209
Findings: 0
Auditor: claude
No security issues found.

Audit version 2

Safe

Jan 10, 2026, 11:04 AM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. No executable code, network calls, filesystem access, or external commands detected. Contains only documentation and code samples.

Files scanned: 1
Lines analyzed: 209
Findings: 0
Auditor: claude
No security issues found.

Audit version 1

Safe

Jan 10, 2026, 11:04 AM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. No executable code, network calls, filesystem access, or external commands detected. Contains only documentation and code samples.

Files scanned: 1
Lines analyzed: 209
Findings: 0
Auditor: claude
No security issues found.