Audit history

backend-fastapi - 6 audits

Audit version 6

Latest - Low Risk

Jun 28, 2026, 04:21 AM

Static analysis flagged Markdown backticks, environment variable names, and one weak-cryptography pattern. Review found documentation text only: local run examples, endpoint names, file names, and required secret variable names, with no executable code, secret reading, network exfiltration, or prompt injection. The skill is safe to publish with low residual risk from documented operational commands and secret configuration names.

Files analyzed: 1
Lines analyzed: 50
Review items: 2
False positives ignored: 3

Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False Positive: Markdown Backticks Flagged as Shell Execution
Static analysis reported Ruby or shell backtick execution in SKILL.md. The cited lines are Markdown inline code for file paths, endpoint names, data type names, service names, and a local uvicorn run example; no executable Ruby, shell backtick syntax, or command interpolation is present.
The file contains prose and Markdown inline code, not Ruby or shell source. The only run command is a normal local development command and is not hidden or malicious.
Low
False Positive: Secret Variable Names Listed for Configuration
Static analysis flagged generic API or secret keys on lines 48 and 49. Those lines list required environment variable names for Gemini and Qdrant configuration; the skill does not read, print, transmit, or request secret values.
The evidence is limited to environment variable names in a documentation section. No code path accesses environment contents or sends them elsewhere.
Low
False Positive: Weak Cryptography Pattern Not Present
Static analysis reported a weak cryptographic algorithm at SKILL.md line 3. Line 3 is the YAML description for FastAPI documentation and contains no hash algorithm, encryption primitive, or security implementation guidance.
Manual review of the cited line found only descriptive metadata. No cryptographic term or algorithm appears at that location.
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 04:11 PM

Documentation-only skill containing no executable code. The SKILL.md file describes FastAPI backend architecture without any scripts, network calls, or file system access capabilities. All 40 static findings are false positives caused by the scanner misinterpreting documentation text as code patterns.

Files analyzed: 2
Lines analyzed: 226
Review items: 2
False positives ignored: 0
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 04:11 PM

Documentation-only skill containing no executable code. The SKILL.md file describes FastAPI backend architecture without any scripts, network calls, or file system access capabilities. All 40 static findings are false positives caused by the scanner misinterpreting documentation text as code patterns.

Files analyzed: 2
Lines analyzed: 226
Review items: 2
False positives ignored: 0
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:48 AM

Documentation-only skill containing no executable code. The SKILL.md file describes FastAPI backend architecture without any scripts, network calls, or file system access capabilities.

Files analyzed: 1
Lines analyzed: 50
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:48 AM

Documentation-only skill containing no executable code. The SKILL.md file describes FastAPI backend architecture without any scripts, network calls, or file system access capabilities.

Files analyzed: 1
Lines analyzed: 50
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:48 AM

Documentation-only skill containing no executable code. The SKILL.md file describes FastAPI backend architecture without any scripts, network calls, or file system access capabilities.

Files analyzed: 1
Lines analyzed: 50
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude