스킬 labarchive-integration 감사 이력
🔬

감사 이력

labarchive-integration - 4 감사들

감사 버전 4

최신 낮은 위험

Jan 17, 2026, 06:08 AM

All 275 static findings are false positives. Scanner triggered on markdown documentation (backtick syntax), security best practices (encrypt keyword), standard file operations (file existence checks), and legitimate API endpoints. Code review confirms no malicious patterns. This is legitimate LabArchives electronic lab notebook API integration.

9
스캔된 파일
2,680
분석된 줄 수
3
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚡ 스크립트 포함 (3)
scripts/setup_config.py:1-206 scripts/entry_operations.py:1-335 scripts/notebook_operations.py:1-270
🌐 네트워크 접근 (3)
references/api_reference.md:1-20 scripts/entry_operations.py:160-175 scripts/setup_config.py:25-27
📁 파일 시스템 액세스 (3)
scripts/notebook_operations.py:113-163 scripts/entry_operations.py:145-185 scripts/setup_config.py:70-80

감사 버전 3

낮은 위험

Jan 17, 2026, 06:08 AM

All 275 static findings are false positives. Scanner triggered on markdown documentation (backtick syntax), security best practices (encrypt keyword), standard file operations (file existence checks), and legitimate API endpoints. Code review confirms no malicious patterns. This is legitimate LabArchives electronic lab notebook API integration.

9
스캔된 파일
2,680
분석된 줄 수
3
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚡ 스크립트 포함 (3)
scripts/setup_config.py:1-206 scripts/entry_operations.py:1-335 scripts/notebook_operations.py:1-270
🌐 네트워크 접근 (3)
references/api_reference.md:1-20 scripts/entry_operations.py:160-175 scripts/setup_config.py:25-27
📁 파일 시스템 액세스 (3)
scripts/notebook_operations.py:113-163 scripts/entry_operations.py:145-185 scripts/setup_config.py:70-80

감사 버전 2

낮은 위험

Jan 12, 2026, 04:38 PM

The static analysis flagged numerous false positives. The 'external_commands' findings are markdown code blocks showing API URL patterns, not actual command execution. The 'weak cryptographic algorithm' findings reference MD5 in documentation examples, not actual implementation. This is a legitimate research tool for LabArchives API integration with no malicious intent detected.

7
스캔된 파일
2,206
분석된 줄 수
2
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

🌐 네트워크 접근 (3)
scripts/entry_operations.py:40-42 scripts/notebook_operations.py:40-42 scripts/setup_config.py:25-27
📁 파일 시스템 액세스 (2)
scripts/notebook_operations.py:146 scripts/setup_config.py:72-76

감사 버전 1

낮은 위험

Jan 4, 2026, 04:43 PM

This is a legitimate LabArchives API integration skill for electronic lab notebooks. Scripts make documented API calls to LabArchives endpoints only. Credentials are stored in config.yaml with restrictive 600 file permissions. No credential harvesting, exfiltration, or unexpected network destinations detected.

10
스캔된 파일
2,473
분석된 줄 수
6
발견 사항
claude
감사자
낮은 위험 문제 (2)
scripts/setup_config.py:70-79
Credentials stored in local config file
The setup_config.py script collects API credentials (access_key_id, access_password, user_email, user_external_password) and stores them in config.yaml. While file permissions are set to 600 (user read/write only), sensitive credentials are written to disk. Location: scripts/setup_config.py:72-79 ```python def create_config_file(config_data, output_path='config.yaml'): with open(output_path, 'w') as f: yaml.dump(config_data, f, default_flow_style=False, sort_keys=False) os.chmod(output_path, 0o600) ``` Mitigation: The documentation recommends adding config.yaml to .gitignore and provides an environment variable alternative for credential storage.
scripts/entry_operations.py:163-172
Credentials transmitted in API requests
The entry_operations.py script sends access credentials (access_key_id, access_password) as form data in HTTP POST requests to upload attachments. Location: scripts/entry_operations.py:163-172 ```python data = { 'uid': uid, 'nbid': nbid, 'entry_id': entry_id, 'filename': file_path.name, 'access_key_id': config['access_key_id'], 'access_password': config['access_password'] } response = requests.post(url, files=files, data=data) ``` This is standard API authentication behavior but credentials transit through the network.

위험 요인

⚡ 스크립트 포함 (3)
scripts/entry_operations.py:1-335 scripts/setup_config.py:1-206 scripts/notebook_operations.py:1-270
🌐 네트워크 접근 (3)
scripts/entry_operations.py:158-172 scripts/notebook_operations.py:131 references/api_reference.md:1-20
📁 파일 시스템 액세스 (3)
scripts/setup_config.py:72-79 scripts/notebook_operations.py:113-162 scripts/entry_operations.py:145-184
🔑 환경 변수 (2)
references/authentication_guide.md:57-67 scripts/setup_config.py:49-67
← 스킬로 돌아가기