Habilidades building-agents Histórico de Auditoria
🤖

Histórico de Auditoria

building-agents - 5 auditorias

Versão da auditoria 5

Mais recente Baixo Risco

Jan 16, 2026, 07:42 PM

Pure prompt-based skill for Claude Code agent creation. Static findings are false positives: hex color codes misidentified as MD5 hashes, markdown code blocks misidentified as shell backticks, and CLI command examples misidentified as reconnaissance. The skill includes a Python validation script that safely reads user-specified files without network access or credential handling.

9
Arquivos analisados
3,548
Linhas analisadas
4
achados
claude
Auditado por
Problemas de Baixo Risco (1)
SKILL.md:5
Bash tool in allowed-tools
The skill declares Bash in allowed-tools for running validation scripts. This is documented, expected behavior for an agent-builder skill, and runs within Claude Code's sandbox.

Fatores de risco

⚡ Contém scripts (1)
scripts/validate-agent.py:1-188
📁 Acesso ao sistema de arquivos (1)
SKILL.md:33-35
⚙️ Comandos externos (1)
SKILL.md:441-451

Versão da auditoria 4

Baixo Risco

Jan 16, 2026, 07:42 PM

Pure prompt-based skill for Claude Code agent creation. Static findings are false positives: hex color codes misidentified as MD5 hashes, markdown code blocks misidentified as shell backticks, and CLI command examples misidentified as reconnaissance. The skill includes a Python validation script that safely reads user-specified files without network access or credential handling.

9
Arquivos analisados
3,548
Linhas analisadas
4
achados
claude
Auditado por
Problemas de Baixo Risco (1)
SKILL.md:5
Bash tool in allowed-tools
The skill declares Bash in allowed-tools for running validation scripts. This is documented, expected behavior for an agent-builder skill, and runs within Claude Code's sandbox.

Fatores de risco

⚡ Contém scripts (1)
scripts/validate-agent.py:1-188
📁 Acesso ao sistema de arquivos (1)
SKILL.md:33-35
⚙️ Comandos externos (1)
SKILL.md:441-451

Versão da auditoria 3

Baixo Risco

Jan 10, 2026, 11:46 AM

Pure prompt-based skill with a Python validation script. No network access, no credential handling, no file system overreach. The script only reads user-specified agent files for validation. All capabilities align with the stated purpose of agent creation and validation.

8
Arquivos analisados
3,267
Linhas analisadas
4
achados
claude
Auditado por
Problemas de Baixo Risco (1)
SKILL.md:5
Bash tool in allowed-tools
The skill declares Bash in allowed-tools (SKILL.md:5). This is appropriate for running validation scripts, but grants the skill capability to execute arbitrary shell commands. An attacker controlling this skill could execute commands. However, this is documented, expected behavior for an agent-builder skill, and the skill runs within Claude Code's sandbox.

Fatores de risco

⚡ Contém scripts (1)
scripts/validate-agent.py:1-188
📁 Acesso ao sistema de arquivos (2)
SKILL.md:5 scripts/validate-agent.py:27
⚙️ Comandos externos (1)
SKILL.md:5

Versão da auditoria 2

Baixo Risco

Jan 10, 2026, 11:46 AM

Pure prompt-based skill with a Python validation script. No network access, no credential handling, no file system overreach. The script only reads user-specified agent files for validation. All capabilities align with the stated purpose of agent creation and validation.

8
Arquivos analisados
3,267
Linhas analisadas
4
achados
claude
Auditado por
Problemas de Baixo Risco (1)
SKILL.md:5
Bash tool in allowed-tools
The skill declares Bash in allowed-tools (SKILL.md:5). This is appropriate for running validation scripts, but grants the skill capability to execute arbitrary shell commands. An attacker controlling this skill could execute commands. However, this is documented, expected behavior for an agent-builder skill, and the skill runs within Claude Code's sandbox.

Fatores de risco

⚡ Contém scripts (1)
scripts/validate-agent.py:1-188
📁 Acesso ao sistema de arquivos (2)
SKILL.md:5 scripts/validate-agent.py:27
⚙️ Comandos externos (1)
SKILL.md:5

Versão da auditoria 1

Baixo Risco

Jan 10, 2026, 11:46 AM

Pure prompt-based skill with a Python validation script. No network access, no credential handling, no file system overreach. The script only reads user-specified agent files for validation. All capabilities align with the stated purpose of agent creation and validation.

8
Arquivos analisados
3,267
Linhas analisadas
4
achados
claude
Auditado por
Problemas de Baixo Risco (1)
SKILL.md:5
Bash tool in allowed-tools
The skill declares Bash in allowed-tools (SKILL.md:5). This is appropriate for running validation scripts, but grants the skill capability to execute arbitrary shell commands. An attacker controlling this skill could execute commands. However, this is documented, expected behavior for an agent-builder skill, and the skill runs within Claude Code's sandbox.

Fatores de risco

⚡ Contém scripts (1)
scripts/validate-agent.py:1-188
📁 Acesso ao sistema de arquivos (2)
SKILL.md:5 scripts/validate-agent.py:27
⚙️ Comandos externos (1)
SKILL.md:5
← Voltar para Skill