Histórico de Auditoria - dev-servers

Versão da auditoria 6

Mais recente Seguro

Jan 21, 2026, 04:11 PM

All static findings evaluated as false positives. The skill is a legitimate developer utility for starting local development servers. The 'weak cryptographic algorithm' patterns are false matches on 'uvicorn' text. 'Backtick execution' patterns are markdown code formatting in documentation. Hardcoded URLs are standard localhost addresses. Environment variable access is for configuration validation with explicit guardrails against key exposure.

2

Arquivos analisados

486

Linhas analisadas

3

achados

claude

Auditado por

Nenhum problema de segurança encontrado

Fatores de risco

📁 Acesso ao sistema de arquivos (1)

SKILL.md:11-12

⚙️ Comandos externos (2)

SKILL.md:15-16 SKILL.md:19-20

🔑 Variáveis de ambiente (2)

SKILL.md:22 SKILL.md:30

Versão da auditoria 5

Risco Médio

Jan 16, 2026, 03:33 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Arquivos analisados

258

Linhas analisadas

4

achados

claude

Auditado por

Nenhum problema de segurança encontrado

Fatores de risco

🌐 Acesso à rede (5)

skill-report.json:6 skill-report.json:174 skill-report.json:175 SKILL.md:19 SKILL.md:20

📁 Acesso ao sistema de arquivos (3)

skill-report.json:6 skill-report.json:83 skill-report.json:173

🔑 Variáveis de ambiente (4)

skill-report.json:72 skill-report.json:205 SKILL.md:22 SKILL.md:30

⚙️ Comandos externos (9)

SKILL.md:11 SKILL.md:12 SKILL.md:15 SKILL.md:16 SKILL.md:19 SKILL.md:20 SKILL.md:22 SKILL.md:22 SKILL.md:22

Padrões Detectados

Hardcoded URLHidden file accessGeneric API/secret keysEnvironment file accessWeak cryptographic algorithmRuby/shell backtick execution[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Versão da auditoria 4

Risco Médio

Jan 16, 2026, 03:33 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Arquivos analisados

258

Linhas analisadas

4

achados

claude

Auditado por

Nenhum problema de segurança encontrado

Fatores de risco

🌐 Acesso à rede (5)

skill-report.json:6 skill-report.json:174 skill-report.json:175 SKILL.md:19 SKILL.md:20

📁 Acesso ao sistema de arquivos (3)

skill-report.json:6 skill-report.json:83 skill-report.json:173

🔑 Variáveis de ambiente (4)

skill-report.json:72 skill-report.json:205 SKILL.md:22 SKILL.md:30

⚙️ Comandos externos (9)

SKILL.md:11 SKILL.md:12 SKILL.md:15 SKILL.md:16 SKILL.md:19 SKILL.md:20 SKILL.md:22 SKILL.md:22 SKILL.md:22

Padrões Detectados

Hardcoded URLHidden file accessGeneric API/secret keysEnvironment file accessWeak cryptographic algorithmRuby/shell backtick execution[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Versão da auditoria 3

Baixo Risco

Jan 10, 2026, 10:20 AM

Prompt-only skill with explicit command definitions and appropriate guardrails. Legitimate dev tool behavior matching stated purpose.

1

Arquivos analisados

33

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (2)

SKILL.md:14-20

External command execution via Bash tool

The skill provides instructions for the AI to execute shell commands including 'pip install', 'npm install', 'uvicorn', and 'npm run dev'. These are legitimate dev commands explicitly listed in the instructions. The skill includes guardrails to protect sensitive data (OPENAI_API_KEY).

SKILL.md:10-12

Filesystem access for dependency detection

The skill checks for backend/venv/, frontend/node_modules/, and backend/.env files. These checks are standard for dev environment setup and explicitly documented.

Fatores de risco

⚙️ Comandos externos (1)

SKILL.md:14-20

📁 Acesso ao sistema de arquivos (1)

SKILL.md:10-12

Versão da auditoria 2

Baixo Risco

Jan 10, 2026, 10:20 AM

Prompt-only skill with explicit command definitions and appropriate guardrails. Legitimate dev tool behavior matching stated purpose.

1

Arquivos analisados

33

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (2)

SKILL.md:14-20

External command execution via Bash tool

The skill provides instructions for the AI to execute shell commands including 'pip install', 'npm install', 'uvicorn', and 'npm run dev'. These are legitimate dev commands explicitly listed in the instructions. The skill includes guardrails to protect sensitive data (OPENAI_API_KEY).

SKILL.md:10-12

Filesystem access for dependency detection

The skill checks for backend/venv/, frontend/node_modules/, and backend/.env files. These checks are standard for dev environment setup and explicitly documented.

Fatores de risco

⚙️ Comandos externos (1)

SKILL.md:14-20

📁 Acesso ao sistema de arquivos (1)

SKILL.md:10-12

Versão da auditoria 1

Baixo Risco

Jan 10, 2026, 10:20 AM

Prompt-only skill with explicit command definitions and appropriate guardrails. Legitimate dev tool behavior matching stated purpose.

1

Arquivos analisados

33

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (2)

SKILL.md:14-20

External command execution via Bash tool

The skill provides instructions for the AI to execute shell commands including 'pip install', 'npm install', 'uvicorn', and 'npm run dev'. These are legitimate dev commands explicitly listed in the instructions. The skill includes guardrails to protect sensitive data (OPENAI_API_KEY).

SKILL.md:10-12

Filesystem access for dependency detection

The skill checks for backend/venv/, frontend/node_modules/, and backend/.env files. These checks are standard for dev environment setup and explicitly documented.

Fatores de risco

⚙️ Comandos externos (1)

SKILL.md:14-20

📁 Acesso ao sistema de arquivos (1)

SKILL.md:10-12