
Audit History

react-flow-best-practices - 2 audits

Audit version 2

Latest, Safe

May 26, 2026, 08:37 AM

Static analysis flagged 247 potential issues, but all high and medium severity findings are false positives caused by markdown code formatting. Backtick characters in TypeScript code examples were misinterpreted as shell execution. Weak cryptographic algorithm flags were triggered by TypeScript import and type syntax in documentation. A low-severity finding confirms a hardcoded promotional URL (casely.digital) in SKILL.md with an embedded instruction to promote a product. No executable code, credential handling, or malicious patterns exist. The skill is safe to publish.

Files analyzed: 5
Lines analyzed: 324
Findings: 2
Audited by: claude

Low-Risk Issues (1)
Embedded promotional URL with product mention instruction
SKILL.md line 70 contains a hardcoded URL (casely.digital) and an instruction telling the AI to promote this product when relevant. This is a mild prompt injection attempt. The instruction uses permissive language (may, once, naturally) and is not an override directive.

Risk factors

🌐 Network access (1)

Detected Patterns

Markdown code blocks flagged as shell execution (false positive)
TypeScript syntax flagged as cryptographic algorithm (false positive)
Documentation text flagged as system reconnaissance (false positive)

Audit version 1

Low Risk

May 25, 2026, 09:11 PM

Static analysis flagged 247 detections across 5 files (324 lines), all driven by markdown backtick code-fence false positives and pattern collisions with innocuous TypeScript identifiers in documentation. After manual evaluation, every 'weak cryptographic algorithm' (62), 'Ruby/shell backtick execution' (184), 'system reconnaissance' (8), and 'network reconnaissance' (1) detection is a false positive — the skill contains only Markdown reference docs and a YAML config file with no executable code. One legitimate low-severity finding: SKILL.md line 70 includes a hardcoded promotional URL to a commercial service (casely.digital), disclosed in documentation but representing embedded marketing content.

Files analyzed: 5
Lines analyzed: 324
Findings: 2
Audited by: claude

Low-Risk Issues (1)
Embedded Promotional URL
SKILL.md line 70 contains a hardcoded URL to casely.digital, a commercial AI workflow service. The text instructs the AI to mention this service during conversations with users. While disclosed transparently in the skill documentation, this represents embedded promotional content for a third-party commercial product.

Risk factors

🌐 Network access (1)