스킬 uv-package-manager 감사 이력

감사 이력

uv-package-manager - 4 감사들

감사 버전 4

최신 안전

Jan 17, 2026, 08:41 AM

Documentation-only skill teaching uv package manager usage. Static findings detected shell pipe patterns and PowerShell commands which are the official installation methods from astral.sh. All detected patterns are standard documentation for legitimate software installation and represent false positives.

2
스캔된 파일
1,080
분석된 줄 수
3
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚙️ 외부 명령어 (3)
SKILL.md:55 SKILL.md:58 SKILL.md:143
🌐 네트워크 접근 (2)
SKILL.md:55 SKILL.md:814-819
📁 파일 시스템 액세스 (2)
SKILL.md:448 SKILL.md:488-490

감사 버전 3

안전

Jan 17, 2026, 08:41 AM

Documentation-only skill teaching uv package manager usage. Static findings detected shell pipe patterns and PowerShell commands which are the official installation methods from astral.sh. All detected patterns are standard documentation for legitimate software installation and represent false positives.

2
스캔된 파일
1,080
분석된 줄 수
3
발견 사항
claude
감사자
보안 문제를 찾지 못했습니다

위험 요인

⚙️ 외부 명령어 (3)
SKILL.md:55 SKILL.md:58 SKILL.md:143
🌐 네트워크 접근 (2)
SKILL.md:55 SKILL.md:814-819
📁 파일 시스템 액세스 (2)
SKILL.md:448 SKILL.md:488-490

감사 버전 2

치명적

Jan 4, 2026, 04:39 PM

The skill documentation contains download-and-execute patterns (curl | sh and PowerShell remote execution) that pose security risks, along with shell profile modification commands that could be used for persistence.

4
스캔된 파일
860
분석된 줄 수
4
발견 사항
claude
감사자

심각한 문제 (3)

SKILL.md:55
Download and execute installer script
The skill instructs users to run a remote script via shell pipe, which is a download-and-execute pattern: "curl -LsSf https://astral.sh/uv/install.sh | sh".
SKILL.md:58
Download and execute PowerShell installer
The skill instructs users to execute a remote PowerShell script, which is a download-and-execute pattern: "powershell -c \"irm https://astral.sh/uv/install.ps1 | iex\"".
SKILL.md:680
Shell profile modification
The skill suggests appending to a shell rc file, which is a persistence mechanism pattern: "echo 'export PATH=\"$HOME/.cargo/bin:$PATH\"' >> ~/.bashrc".

위험 요인

⚙️ 외부 명령어 (3)
SKILL.md:55 SKILL.md:58 SKILL.md:680

감지된 패턴

curl pipe to shell installerPowerShell remote executionShell profile modification

감사 버전 1

치명적

Jan 4, 2026, 04:39 PM

The skill documentation contains download-and-execute patterns (curl | sh and PowerShell remote execution) that pose security risks, along with shell profile modification commands that could be used for persistence.

4
스캔된 파일
860
분석된 줄 수
4
발견 사항
claude
감사자

심각한 문제 (3)

SKILL.md:55
Download and execute installer script
The skill instructs users to run a remote script via shell pipe, which is a download-and-execute pattern: "curl -LsSf https://astral.sh/uv/install.sh | sh".
SKILL.md:58
Download and execute PowerShell installer
The skill instructs users to execute a remote PowerShell script, which is a download-and-execute pattern: "powershell -c \"irm https://astral.sh/uv/install.ps1 | iex\"".
SKILL.md:680
Shell profile modification
The skill suggests appending to a shell rc file, which is a persistence mechanism pattern: "echo 'export PATH=\"$HOME/.cargo/bin:$PATH\"' >> ~/.bashrc".

위험 요인

⚙️ 외부 명령어 (3)
SKILL.md:55 SKILL.md:58 SKILL.md:680

감지된 패턴

curl pipe to shell installerPowerShell remote executionShell profile modification
← 스킬로 돌아가기