Audit history
better-auth-best-practices - 2 audits
Audit version 2
Latest | Safe | Mar 19, 2026, 08:21 AM
This skill contains documentation-only content (SKILL.md) with no executable code. Static analyzer flagged 144 external command patterns and 7 network URLs, but all are false positives: command examples are CLI instructions for users to run manually, and URLs are documentation links. No security risks detected.
Files scanned: 1
Lines analyzed: 175
Findings: 2
Auditor: claude
No security issues found
Risk factors
⚙️ External commands
No specific locations recorded
🌐 Network access
No specific locations recorded
Audit version 1
Safe | Jan 23, 2026, 07:20 AM
All 149 static findings are FALSE POSITIVES. This is a documentation-only skill containing markdown reference material. The scanner misinterpreted inline code examples (CLI commands, config snippets) as executable code. No network calls, file system access, or credential handling exists in this skill. Safe for publication.
Files scanned: 1
Lines analyzed: 166
Findings: 3
Auditor: claude
Medium-risk issues (3)
External Command Patterns in Documentation
Scanner detected backtick-wrapped code patterns (e.g., `openssl rand`, `npx @better-auth/cli migrate`) and flagged them as shell execution. These are inline code examples in markdown documentation, not actual command execution.
Network URL Patterns in Documentation
Scanner detected hardcoded URLs (better-auth.com, GitHub, example.com) as external network calls. These are documentation links, not actual network requests.
Credential Access Patterns in Documentation
Scanner flagged references to authCookies, password.hash(), and similar terms as credential access. These are documentation mentions of authentication concepts.