감사 이력 - shadcn-framer

감사 버전 6

최신 중간 위험

Jun 28, 2026, 01:11 PM

Static external-command hits mostly match Markdown code fences and TypeScript examples, so those are false positives. The setup section does contain real pnpm dlx commands that execute the latest ShadCN package, which is legitimate but carries supply-chain risk if run without review. The weak cryptography alerts are false positives from words such as description and CardDescription, with no cryptographic code found.

1

스캔된 파일

209

분석된 줄 수

4

발견 사항

codex

감사자

중간 위험 문제 (1)

SKILL.md:10-12

Unpinned External Package Execution

The setup instructions run pnpm dlx shadcn@latest init and add commands. This is normal for ShadCN setup, but it executes code from the package registry without pinning a reviewed version.

낮은 위험 문제 (2)

SKILL.md:10-13 SKILL.md:17-44 SKILL.md:48-64 SKILL.md:68-104 SKILL.md:108-126 SKILL.md:130-169 SKILL.md:173-190 SKILL.md:194-208

Markdown Code Fence Static False Positives

The Ruby or shell backtick findings correspond to Markdown code block delimiters around examples. They do not indicate dynamic Ruby execution or hidden shell execution inside the skill file.

SKILL.md:3 SKILL.md:23 SKILL.md:33

Weak Cryptography Static False Positives

The weak cryptographic algorithm alerts match ordinary prose and component identifiers, including description and CardDescription. No hashing, encryption, or cryptographic API usage is present in the reviewed file.

위험 요인

⚙️ 외부 명령어 (1)

SKILL.md:10-12

감지된 패턴

External Command Setup Instructions

감사 버전 5

안전

Jan 16, 2026, 05:31 PM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. All 31 static findings are false positives: shell command detections are TypeScript code blocks, crypto algorithm flags are animation variant names like 'hidden', and reconnaissance flags are animation state names like 'show'. No executable code, network calls, filesystem access, or external commands detected.

2

스캔된 파일

385

분석된 줄 수

1

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚙️ 외부 명령어 (16)

SKILL.md:10-13 SKILL.md:13-17 SKILL.md:17-44 SKILL.md:44-48 SKILL.md:48-64 SKILL.md:64-68 SKILL.md:68-104 SKILL.md:104-108 SKILL.md:108-126 SKILL.md:126-130 SKILL.md:130-169 SKILL.md:169-173 SKILL.md:173-190 SKILL.md:190-194 SKILL.md:194-202 SKILL.md:202-208

감사 버전 4

안전

Jan 16, 2026, 05:31 PM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. All 31 static findings are false positives: shell command detections are TypeScript code blocks, crypto algorithm flags are animation variant names like 'hidden', and reconnaissance flags are animation state names like 'show'. No executable code, network calls, filesystem access, or external commands detected.

2

스캔된 파일

385

분석된 줄 수

1

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

위험 요인

⚙️ 외부 명령어 (16)

SKILL.md:10-13 SKILL.md:13-17 SKILL.md:17-44 SKILL.md:44-48 SKILL.md:48-64 SKILL.md:64-68 SKILL.md:68-104 SKILL.md:104-108 SKILL.md:108-126 SKILL.md:126-130 SKILL.md:130-169 SKILL.md:169-173 SKILL.md:173-190 SKILL.md:190-194 SKILL.md:194-202 SKILL.md:202-208

감사 버전 3

안전

Jan 10, 2026, 11:04 AM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. No executable code, network calls, filesystem access, or external commands detected. Contains only documentation and code samples.

1

스캔된 파일

209

분석된 줄 수

0

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

감사 버전 2

안전

Jan 10, 2026, 11:04 AM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. No executable code, network calls, filesystem access, or external commands detected. Contains only documentation and code samples.

1

스캔된 파일

209

분석된 줄 수

0

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다

감사 버전 1

안전

Jan 10, 2026, 11:04 AM

Pure documentation skill containing TypeScript code examples for ShadCN UI and Framer Motion integration. No executable code, network calls, filesystem access, or external commands detected. Contains only documentation and code samples.

1

스캔된 파일

209

분석된 줄 수

0

발견 사항

claude

감사자

보안 문제가 발견되지 않았습니다