
Audit history

binary-re-dynamic-analysis - 5 audits

Audit version 5

Latest, High risk

Jun 27, 2026, 04:03 PM

Static findings are mostly true positives because the skill intentionally documents commands that execute binaries, start privileged Docker containers, attach debuggers, trace processes, and read runtime files. Several IP address and log path alerts are false positives because they appear in example output, not active code. No prompt injection or confirmed malicious intent was found, but publication should require strong warnings and reviewer approval.

Files scanned: 1
Lines analyzed: 564
Findings: 10
Verified by: codex

High-risk issues (2)

Privileged Docker Execution Guidance
The skill instructs users to run a Docker container with privileged mode to register emulation handlers. This is legitimate for binfmt setup, but it grants elevated host-level capabilities and can be dangerous with untrusted images or hosts.
Execution of Potentially Untrusted Binaries
The skill provides many commands for running target binaries under QEMU, GDB, Frida, Docker, and on-device tools. Dynamic binary execution is inherently risky because samples may contain malware, exploit debuggers, or access local files and networks.
Medium-risk issues (3)
Remote Debugging and File Transfer Workflows
The skill documents remote debugging over SSH and copying trace logs from a target device. These workflows can expose target systems or transfer sensitive runtime logs if used without authorization and isolation.
Filesystem and Process Introspection Guidance
The skill instructs users to inspect /proc indicators, dump memory, source a local GDB file, and collect file access evidence. These are expected analysis activities, but they can expose sensitive host or target data.
Container Mutation and Package Installation Examples
The Docker example creates a linker symlink and installs packages inside the container before executing the sample. This is common for dependency recovery, but it increases supply-chain and reproducibility risk.
Low-risk issues (2)
Documentation-Only Network and Log Examples
The hardcoded IP addresses and log paths appear in example output and journal templates. They do not show active exfiltration or log deletion in the skill file.
Weak Crypto Static Alert Is a Name Collision
The weak cryptographic algorithm alert appears to be triggered by the word dynamic in the skill name and description. No evidence found of MD5, SHA1, DES, RC4, or cryptographic implementation logic.

Detected patterns

Privileged Container Setup
Runtime Execution and Debugging Commands
Host and Target Filesystem Access

Audit version 4

Low risk

Jan 21, 2026, 03:32 PM

This is a legitimate security research and reverse engineering skill for authorized binary analysis. All static findings are false positives related to documentation examples showing proper use of analysis tools. The skill requires explicit human approval before executing any binaries and emphasizes sandbox isolation. No malicious patterns detected.

Files scanned: 2
Lines analyzed: 1,912
Findings: 3
Verified by: claude

Low-risk issues (1)
Documentation Contains Security Tool Examples
The skill documentation includes examples of using QEMU, GDB, Frida, and strace for binary analysis. These are legitimate security research tools used for authorized reverse engineering. The skill explicitly requires human approval before execution and emphasizes sandbox configuration. All flagged patterns are documentation examples, not executable code.

Risk factors

⚙️ External commands (3)
📁 Filesystem access (2)

Audit version 3

Medium risk

Jan 16, 2026, 12:36 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 741
Findings: 3
Verified by: claude

No security issues found

Risk factors

🌐 Network access (4)
⚙️ External commands (88)
📁 Filesystem access (15)

Detected patterns

Hardcoded IP address
Weak cryptographic algorithm
Ruby/shell backtick execution
Hidden file in home directory
Hidden file access
Linux /proc filesystem access
Standard device file access
Temp directory access
Symlink creation
Memory-mapped file access
Log file deletion
Docker privileged mode
System reconnaissance

Audit version 2

Medium risk

Jan 16, 2026, 12:36 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 741
Findings: 3
Verified by: claude

No security issues found

Risk factors

🌐 Network access (4)
⚙️ External commands (88)
📁 Filesystem access (15)

Detected patterns

Hardcoded IP address
Weak cryptographic algorithm
Ruby/shell backtick execution
Hidden file in home directory
Hidden file access
Linux /proc filesystem access
Standard device file access
Temp directory access
Symlink creation
Memory-mapped file access
Log file deletion
Docker privileged mode
System reconnaissance

Audit version 1

Low risk

Jan 10, 2026, 09:04 AM

Prompt-based skill providing instructional guidance for binary analysis. Contains example commands and scripts for educational purposes. Includes human-in-the-loop safety requirements before execution.

Files scanned: 1
Lines analyzed: 564
Findings: 0
Verified by: claude

No security issues found