Audit History

research-agent-optimization - 6 audits

Audit version 6

Latest, Low risk

Jun 28, 2026, 03:50 PM

Static analysis reported shell execution, weak cryptography, and reconnaissance patterns, but the reviewed file is Markdown guidance. The shell findings are inline code paths or examples, and no executable script, cryptographic primitive, or system reconnaissance command was found. A low warning remains because the skill asks the agent to use an external code-search tool for API verification.

Files scanned: 1
Lines analyzed: 146
Findings: 3
Auditor: codex

Low-risk issues (3)
Markdown Inline Code Misclassified as Shell Execution
The static analyzer flagged many backtick-delimited Markdown references as Ruby or shell execution. These lines contain project paths, file names, function names, command-line option text, or illustrative tool-call labels, not executable code.
Weak Cryptography and Reconnaissance Alerts Dismissed
The flagged lines describe the skill, caching, streaming event names, frontend rendering, and invalid-query testing. No evidence found for weak cryptographic algorithms or system reconnaissance behavior.
External Tool Use Requires User Awareness
The skill instructs the agent to use exa-code to verify DuckDuckGo API patterns. This is not malicious, but it may cause the agent to rely on an external code-search service during implementation.

Audit version 5

Safe

Jan 16, 2026, 06:53 PM

All 50 static findings are false positives. This is a YAML specification document describing optimization tasks, not executable code. The scanner misinterpreted markdown code formatting backticks as Ruby shell execution, and documentation text as cryptographic/system reconnaissance patterns. The skill contains no network calls, filesystem access, or external commands.

Files scanned: 2
Lines analyzed: 324
Findings: 1
Auditor: claude

No security issues were found.

Audit version 4

Safe

Jan 16, 2026, 06:53 PM

All 50 static findings are false positives. This is a YAML specification document describing optimization tasks, not executable code. The scanner misinterpreted markdown code formatting backticks as Ruby shell execution, and documentation text as cryptographic/system reconnaissance patterns. The skill contains no network calls, filesystem access, or external commands.

Files scanned: 2
Lines analyzed: 324
Findings: 1
Auditor: claude

No security issues were found.

Audit version 3

Safe

Jan 10, 2026, 11:22 AM

This skill is a pure YAML specification document containing no executable code. It describes optimization tasks for a research agent but poses no security risk to users.

Files scanned: 1
Lines analyzed: 146
Findings: 0
Auditor: claude

No security issues were found.

Audit version 2

Safe

Jan 10, 2026, 11:22 AM

This skill is a pure YAML specification document containing no executable code. It describes optimization tasks for a research agent but poses no security risk to users.

Files scanned: 1
Lines analyzed: 146
Findings: 0
Auditor: claude

No security issues were found.

Audit version 1

Safe

Jan 10, 2026, 11:22 AM

This skill is a pure YAML specification document containing no executable code. It describes optimization tasks for a research agent but poses no security risk to users.

Files scanned: 1
Lines analyzed: 146
Findings: 0
Auditor: claude

No security issues were found.