Audit History

project-scaffolder - 6 audits

Audit version 6

Latest, Low Risk

Jan 21, 2026, 04:45 PM

All static findings are false positives. The skill is a documentation-only project scaffolding tool. Scanner misinterpreted Go import statements as dynamic imports, Cobra CLI framework references as cmd.exe execution, and legitimate configuration URLs and environment variable patterns as security risks. No actual malicious code execution, credential exfiltration, or command injection patterns present.

Files analyzed: 2
Lines analyzed: 2,301
Findings: 5
Audited by: claude
No security issues found

Risk factors

⚡ Contains scripts (4)
⚙️ External commands (79)
🌐 Network access (5)
🔑 Environment variables (14)
📁 File system access (1)

Audit version 5

Medium Risk

Jan 16, 2026, 11:06 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files analyzed: 2
Lines analyzed: 1,142
Findings: 5
Audited by: claude
No security issues found

Risk factors

🌐 Network access (5)
⚡ Contains scripts (2)
⚙️ External commands (77)
📁 File system access (1)
🔑 Environment variables (12)

Detected Patterns

Hardcoded URL
C2 keywords
Weak cryptographic algorithm
Dynamic import() expression
Ruby/shell backtick execution
Shell command substitution
Template literal with command substitution
Windows cmd.exe
Hardcoded IP address
Hidden file access
Environment variable access (dot notation)
Environment variable object
dotenv library
Database connection strings
Generic API/secret keys
Environment file access
Environment variant files
SQLite database file
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 4

Medium Risk

Jan 16, 2026, 11:06 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files analyzed: 2
Lines analyzed: 1,142
Findings: 5
Audited by: claude
No security issues found

Risk factors

🌐 Network access (5)
⚡ Contains scripts (2)
⚙️ External commands (77)
📁 File system access (1)
🔑 Environment variables (12)

Detected Patterns

Hardcoded URL
C2 keywords
Weak cryptographic algorithm
Dynamic import() expression
Ruby/shell backtick execution
Shell command substitution
Template literal with command substitution
Windows cmd.exe
Hardcoded IP address
Hidden file access
Environment variable access (dot notation)
Environment variable object
dotenv library
Database connection strings
Generic API/secret keys
Environment file access
Environment variant files
SQLite database file
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 3

Safe

Jan 10, 2026, 12:47 PM

Pure prompt-based skill containing only templates and guidance documentation. No executable code, no file system access, no network operations, and no command execution capabilities. This skill provides project scaffolding instructions that the AI generates for users to apply manually.

Files analyzed: 1
Lines analyzed: 950
Findings: 0
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 12:47 PM

Pure prompt-based skill containing only templates and guidance documentation. No executable code, no file system access, no network operations, and no command execution capabilities. This skill provides project scaffolding instructions that the AI generates for users to apply manually.

Files analyzed: 1
Lines analyzed: 950
Findings: 0
Audited by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 12:47 PM

Pure prompt-based skill containing only templates and guidance documentation. No executable code, no file system access, no network operations, and no command execution capabilities. This skill provides project scaffolding instructions that the AI generates for users to apply manually.

Files analyzed: 1
Lines analyzed: 950
Findings: 0
Audited by: claude
No security issues found