Histórico de Auditoria - writing-skills

Versão da auditoria 5

Mais recente Baixo Risco

Jan 17, 2026, 01:38 AM

Documentation skill for skill authoring methodology. Static analysis flagged 521 patterns in markdown files showing code examples (not executable) and documentation references. The only executable file (render-graphs.js) is a legitimate helper script for rendering Graphviz diagrams. No network access, no credential handling, no data exfiltration. All static findings are false positives from documentation examples.

8

Arquivos analisados

3,189

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run Graphviz dot command for diagram rendering. Purpose is legitimate (visualizing skill flowcharts), output is restricted to skill subdirectory.

Fatores de risco

⚙️ Comandos externos (3)

SKILL.md:12 anthropic-best-practices.md:32-43 examples/CLAUDE_MD_TESTING.md:8-25

⚡ Contém scripts (1)

render-graphs.js:1-169

📁 Acesso ao sistema de arquivos (2)

render-graphs.js:120 render-graphs.js:131-146

Versão da auditoria 4

Baixo Risco

Jan 17, 2026, 01:38 AM

Documentation skill for skill authoring methodology. Static analysis flagged 521 patterns in markdown files showing code examples (not executable) and documentation references. The only executable file (render-graphs.js) is a legitimate helper script for rendering Graphviz diagrams. No network access, no credential handling, no data exfiltration. All static findings are false positives from documentation examples.

8

Arquivos analisados

3,189

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run Graphviz dot command for diagram rendering. Purpose is legitimate (visualizing skill flowcharts), output is restricted to skill subdirectory.

Fatores de risco

⚙️ Comandos externos (3)

SKILL.md:12 anthropic-best-practices.md:32-43 examples/CLAUDE_MD_TESTING.md:8-25

⚡ Contém scripts (1)

render-graphs.js:1-169

📁 Acesso ao sistema de arquivos (2)

render-graphs.js:120 render-graphs.js:131-146

Versão da auditoria 3

Baixo Risco

Jan 7, 2026, 01:43 AM

Documentation-focused skill with one helper script that renders Graphviz diagrams to SVG. All capabilities align with stated purpose. No network access, no credential handling, no data exfiltration.

7

Arquivos analisados

2,738

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run 'dot -Tsvg' (graphviz renderer) and 'which dot' (command availability check). This is necessary for the documented purpose of rendering flowchart diagrams from skill documentation. The script only writes to a 'diagrams' subdirectory within the skill directory.

Fatores de risco

⚡ Contém scripts (1)

render-graphs.js:1-169

⚙️ Comandos externos (2)

render-graphs.js:72-76 render-graphs.js:112-118

📁 Acesso ao sistema de arquivos (3)

render-graphs.js:105-108 render-graphs.js:120 render-graphs.js:131-146

Versão da auditoria 2

Baixo Risco

Jan 7, 2026, 01:43 AM

Documentation-focused skill with one helper script that renders Graphviz diagrams to SVG. All capabilities align with stated purpose. No network access, no credential handling, no data exfiltration.

7

Arquivos analisados

2,738

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run 'dot -Tsvg' (graphviz renderer) and 'which dot' (command availability check). This is necessary for the documented purpose of rendering flowchart diagrams from skill documentation. The script only writes to a 'diagrams' subdirectory within the skill directory.

Fatores de risco

⚡ Contém scripts (1)

render-graphs.js:1-169

⚙️ Comandos externos (2)

render-graphs.js:72-76 render-graphs.js:112-118

📁 Acesso ao sistema de arquivos (3)

render-graphs.js:105-108 render-graphs.js:120 render-graphs.js:131-146

Versão da auditoria 1

Baixo Risco

Jan 7, 2026, 01:43 AM

Documentation-focused skill with one helper script that renders Graphviz diagrams to SVG. All capabilities align with stated purpose. No network access, no credential handling, no data exfiltration.

7

Arquivos analisados

2,738

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

render-graphs.js:72-76 render-graphs.js:112-118

Script executes external command

render-graphs.js uses execSync to run 'dot -Tsvg' (graphviz renderer) and 'which dot' (command availability check). This is necessary for the documented purpose of rendering flowchart diagrams from skill documentation. The script only writes to a 'diagrams' subdirectory within the skill directory.

Fatores de risco

⚡ Contém scripts (1)

render-graphs.js:1-169

⚙️ Comandos externos (2)

render-graphs.js:72-76 render-graphs.js:112-118

📁 Acesso ao sistema de arquivos (3)

render-graphs.js:105-108 render-graphs.js:120 render-graphs.js:131-146