
Audit History

uv-package-manager - 4 audits

Audit version 4

Latest: Safe

Jan 17, 2026, 08:41 AM

Documentation-only skill teaching uv package manager usage. Static findings detected shell pipe patterns and PowerShell commands which are the official installation methods from astral.sh. All detected patterns are standard documentation for legitimate software installation and represent false positives.

Files analyzed: 2
Lines analyzed: 1,080
Findings: 3
Audited by: claude
No security issues found

Risk factors

⚙️ External commands (3)
🌐 Network access (2)
📁 File system access (2)

Audit version 3

Safe

Jan 17, 2026, 08:41 AM

Documentation-only skill teaching uv package manager usage. Static findings detected shell pipe patterns and PowerShell commands which are the official installation methods from astral.sh. All detected patterns are standard documentation for legitimate software installation and represent false positives.

Files analyzed: 2
Lines analyzed: 1,080
Findings: 3
Audited by: claude
No security issues found

Risk factors

⚙️ External commands (3)
🌐 Network access (2)
📁 File system access (2)

Audit version 2

Critical

Jan 4, 2026, 04:39 PM

The skill documentation contains download-and-execute patterns (curl | sh and PowerShell remote execution) that pose security risks, along with shell profile modification commands that could be used for persistence.

Files analyzed: 4
Lines analyzed: 860
Findings: 4
Audited by: claude

Critical Issues (3)

Download and execute installer script
The skill instructs users to run a remote script via shell pipe, which is a download-and-execute pattern: "curl -LsSf https://astral.sh/uv/install.sh | sh".
Download and execute PowerShell installer
The skill instructs users to execute a remote PowerShell script, which is a download-and-execute pattern: powershell -c "irm https://astral.sh/uv/install.ps1 | iex".
Shell profile modification
The skill suggests appending to a shell rc file, which is a persistence mechanism pattern: echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc.

Risk factors

Detected patterns

curl pipe to shell installer
PowerShell remote execution
Shell profile modification

Audit version 1

Critical

Jan 4, 2026, 04:39 PM

The skill documentation contains download-and-execute patterns (curl | sh and PowerShell remote execution) that pose security risks, along with shell profile modification commands that could be used for persistence.

Files analyzed: 4
Lines analyzed: 860
Findings: 4
Audited by: claude

Critical Issues (3)

Download and execute installer script
The skill instructs users to run a remote script via shell pipe, which is a download-and-execute pattern: "curl -LsSf https://astral.sh/uv/install.sh | sh".
Download and execute PowerShell installer
The skill instructs users to execute a remote PowerShell script, which is a download-and-execute pattern: powershell -c "irm https://astral.sh/uv/install.ps1 | iex".
Shell profile modification
The skill suggests appending to a shell rc file, which is a persistence mechanism pattern: echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc.

Risk factors

Detected patterns

curl pipe to shell installer
PowerShell remote execution
Shell profile modification