Навыки binary-re-dynamic-analysis История аудитов
📦

История аудитов

binary-re-dynamic-analysis - 5 аудиты

Версия аудита 5

Последняя Высокий риск

Jun 27, 2026, 04:03 PM

Static findings are mostly true positives because the skill intentionally documents commands that execute binaries, start privileged Docker containers, attach debuggers, trace processes, and read runtime files. Several IP address and log path alerts are false positives because they appear in example output, not active code. No prompt injection or confirmed malicious intent was found, but publication should require strong warnings and reviewer approval.

1
Просканировано файлов
564
Проанализировано строк
10
находки
codex
Проверено

Проблемы высокого риска (2)

SKILL.md:39-40
Privileged Docker Execution Guidance
The skill instructs users to run a Docker container with privileged mode to register emulation handlers. This is legitimate for binfmt setup, but it grants elevated host-level capabilities and can be dangerous with untrusted images or hosts.
SKILL.md:73-81SKILL.md:136-145SKILL.md:290-301SKILL.md:349-367
Execution of Potentially Untrusted Binaries
The skill provides many commands for running target binaries under QEMU, GDB, Frida, Docker, and on-device tools. Dynamic binary execution is inherently risky because samples may contain malware, exploit debuggers, or access local files and networks.
Проблемы среднего риска (3)
SKILL.md:349-367
Remote Debugging and File Transfer Workflows
The skill documents remote debugging over SSH and copying trace logs from a target device. These workflows can expose target systems or transfer sensitive runtime logs if used without authorization and isolation.
SKILL.md:144SKILL.md:170SKILL.md:404-420
Filesystem and Process Introspection Guidance
The skill instructs users to inspect /proc indicators, dump memory, source a local GDB file, and collect file access evidence. These are expected analysis activities, but they can expose sensitive host or target data.
SKILL.md:290-301
Container Mutation and Package Installation Examples
The Docker example creates a linker symlink and installs packages inside the container before executing the sample. This is common for dependency recovery, but it increases supply-chain and reproducibility risk.
Проблемы низкого риска (2)
SKILL.md:480-493SKILL.md:541-556
Documentation-Only Network and Log Examples
The hardcoded IP addresses and log paths appear in example output and journal templates. They do not show active exfiltration or log deletion in the skill file.
SKILL.md:2-3SKILL.md:35
Weak Crypto Static Alert Is a Name Collision
The weak cryptographic algorithm alert appears to be triggered by the word dynamic in the skill name and description. No evidence found of MD5, SHA1, DES, RC4, or cryptographic implementation logic.

Факторы риска

⚙️ Внешние команды (8)
SKILL.md:39-40 SKILL.md:78-81 SKILL.md:138-145 SKILL.md:290-301 SKILL.md:349-367 SKILL.md:375-383 SKILL.md:404-407 SKILL.md:420
🌐 Доступ к сети (4)
SKILL.md:114-118 SKILL.md:354-357 SKILL.md:480-493 SKILL.md:541-555
📁 Доступ к файловой системе (8)
SKILL.md:45-52 SKILL.md:144 SKILL.md:170 SKILL.md:295-298 SKILL.md:364-367 SKILL.md:404-420 SKILL.md:486-487 SKILL.md:540-542

Обнаруженные паттерны

Privileged Container SetupRuntime Execution and Debugging CommandsHost and Target Filesystem Access

Версия аудита 4

Низкий риск

Jan 21, 2026, 03:32 PM

This is a legitimate security research and reverse engineering skill for authorized binary analysis. All static findings are false positives related to documentation examples showing proper use of analysis tools. The skill requires explicit human approval before executing any binaries and emphasizes sandbox isolation. No malicious patterns detected.

2
Просканировано файлов
1,912
Проанализировано строк
3
находки
claude
Проверено
Проблемы низкого риска (1)
SKILL.md:1-564
Documentation Contains Security Tool Examples
The skill documentation includes examples of using QEMU, GDB, Frida, and strace for binary analysis. These are legitimate security research tools used for authorized reverse engineering. The skill explicitly requires human approval before execution and emphasizes sandbox configuration. All flagged patterns are documentation examples, not executable code.

Факторы риска

⚙️ Внешние команды (3)
SKILL.md:26-41 SKILL.md:73-107 SKILL.md:136-202
📁 Доступ к файловой системе (2)
SKILL.md:144 SKILL.md:404-428

Версия аудита 3

Средний риск

Jan 16, 2026, 12:36 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
Просканировано файлов
741
Проанализировано строк
3
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

🌐 Доступ к сети (4)
SKILL.md:480 SKILL.md:493 SKILL.md:541 SKILL.md:555
⚙️ Внешние команды (88)
SKILL.md:26 SKILL.md:27 SKILL.md:29 SKILL.md:34-41 SKILL.md:41-45 SKILL.md:45-47 SKILL.md:47-53 SKILL.md:53-73 SKILL.md:73-82 SKILL.md:82-88 SKILL.md:88 SKILL.md:88-89 SKILL.md:89 SKILL.md:89-90 SKILL.md:90 SKILL.md:90-91 SKILL.md:91-95 SKILL.md:95-107 SKILL.md:107-113 SKILL.md:113-128 SKILL.md:128-136 SKILL.md:136-146 SKILL.md:146-150 SKILL.md:150-171 SKILL.md:171-177 SKILL.md:177-183 SKILL.md:183-187 SKILL.md:187-202 SKILL.md:202-217 SKILL.md:217-218 SKILL.md:218-224 SKILL.md:224-228 SKILL.md:228-246 SKILL.md:246-248 SKILL.md:248-251 SKILL.md:251-255 SKILL.md:255-269 SKILL.md:269-273 SKILL.md:273-281 SKILL.md:281-289 SKILL.md:289-303 SKILL.md:303-307 SKILL.md:307-312 SKILL.md:312-316 SKILL.md:316-321 SKILL.md:321-327 SKILL.md:327-329 SKILL.md:329-333 SKILL.md:333-339 SKILL.md:339-349 SKILL.md:349-358 SKILL.md:358-362 SKILL.md:362-368 SKILL.md:368-374 SKILL.md:374-384 SKILL.md:384-388 SKILL.md:388-394 SKILL.md:394-402 SKILL.md:402-414 SKILL.md:414-418 SKILL.md:418-421 SKILL.md:421-427 SKILL.md:427-428 SKILL.md:428-429 SKILL.md:429 SKILL.md:429-440 SKILL.md:440-441 SKILL.md:441 SKILL.md:441-442 SKILL.md:442 SKILL.md:442-443 SKILL.md:443-444 SKILL.md:444-445 SKILL.md:445 SKILL.md:445-446 SKILL.md:446-447 SKILL.md:447 SKILL.md:447-448 SKILL.md:448 SKILL.md:448-449 SKILL.md:449 SKILL.md:449-455 SKILL.md:455-497 SKILL.md:497-503 SKILL.md:503-529 SKILL.md:529-533 SKILL.md:533-557 SKILL.md:557-561
📁 Доступ к файловой системе (15)
SKILL.md:144 SKILL.md:144 SKILL.md:404 SKILL.md:413 SKILL.md:420 SKILL.md:428 SKILL.md:295 SKILL.md:298 SKILL.md:52 SKILL.md:170 SKILL.md:364 SKILL.md:367 SKILL.md:448 SKILL.md:295 SKILL.md:178

Обнаруженные паттерны

Hardcoded IP addressWeak cryptographic algorithmRuby/shell backtick executionHidden file in home directoryHidden file accessLinux /proc filesystem accessStandard device file accessTemp directory accessSymlink creationMemory-mapped file accessLog file deletionDocker privileged modeSystem reconnaissance

Версия аудита 2

Средний риск

Jan 16, 2026, 12:36 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
Просканировано файлов
741
Проанализировано строк
3
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

🌐 Доступ к сети (4)
SKILL.md:480 SKILL.md:493 SKILL.md:541 SKILL.md:555
⚙️ Внешние команды (88)
SKILL.md:26 SKILL.md:27 SKILL.md:29 SKILL.md:34-41 SKILL.md:41-45 SKILL.md:45-47 SKILL.md:47-53 SKILL.md:53-73 SKILL.md:73-82 SKILL.md:82-88 SKILL.md:88 SKILL.md:88-89 SKILL.md:89 SKILL.md:89-90 SKILL.md:90 SKILL.md:90-91 SKILL.md:91-95 SKILL.md:95-107 SKILL.md:107-113 SKILL.md:113-128 SKILL.md:128-136 SKILL.md:136-146 SKILL.md:146-150 SKILL.md:150-171 SKILL.md:171-177 SKILL.md:177-183 SKILL.md:183-187 SKILL.md:187-202 SKILL.md:202-217 SKILL.md:217-218 SKILL.md:218-224 SKILL.md:224-228 SKILL.md:228-246 SKILL.md:246-248 SKILL.md:248-251 SKILL.md:251-255 SKILL.md:255-269 SKILL.md:269-273 SKILL.md:273-281 SKILL.md:281-289 SKILL.md:289-303 SKILL.md:303-307 SKILL.md:307-312 SKILL.md:312-316 SKILL.md:316-321 SKILL.md:321-327 SKILL.md:327-329 SKILL.md:329-333 SKILL.md:333-339 SKILL.md:339-349 SKILL.md:349-358 SKILL.md:358-362 SKILL.md:362-368 SKILL.md:368-374 SKILL.md:374-384 SKILL.md:384-388 SKILL.md:388-394 SKILL.md:394-402 SKILL.md:402-414 SKILL.md:414-418 SKILL.md:418-421 SKILL.md:421-427 SKILL.md:427-428 SKILL.md:428-429 SKILL.md:429 SKILL.md:429-440 SKILL.md:440-441 SKILL.md:441 SKILL.md:441-442 SKILL.md:442 SKILL.md:442-443 SKILL.md:443-444 SKILL.md:444-445 SKILL.md:445 SKILL.md:445-446 SKILL.md:446-447 SKILL.md:447 SKILL.md:447-448 SKILL.md:448 SKILL.md:448-449 SKILL.md:449 SKILL.md:449-455 SKILL.md:455-497 SKILL.md:497-503 SKILL.md:503-529 SKILL.md:529-533 SKILL.md:533-557 SKILL.md:557-561
📁 Доступ к файловой системе (15)
SKILL.md:144 SKILL.md:144 SKILL.md:404 SKILL.md:413 SKILL.md:420 SKILL.md:428 SKILL.md:295 SKILL.md:298 SKILL.md:52 SKILL.md:170 SKILL.md:364 SKILL.md:367 SKILL.md:448 SKILL.md:295 SKILL.md:178

Обнаруженные паттерны

Hardcoded IP addressWeak cryptographic algorithmRuby/shell backtick executionHidden file in home directoryHidden file accessLinux /proc filesystem accessStandard device file accessTemp directory accessSymlink creationMemory-mapped file accessLog file deletionDocker privileged modeSystem reconnaissance

Версия аудита 1

Низкий риск

Jan 10, 2026, 09:04 AM

Prompt-based skill providing instructional guidance for binary analysis. Contains example commands and scripts for educational purposes. Includes human-in-the-loop safety requirements before execution.

1
Просканировано файлов
564
Проанализировано строк
0
находки
claude
Проверено
Проблем безопасности не найдено
← Назад к навыку