История аудитов - binary-re-tool-setup

Версия аудита 5

Последняя Средний риск

Jun 27, 2026, 04:11 PM

The static findings are mostly true positives for documented setup commands, not hidden executable behavior. The skill contains privileged package installs, privileged Docker binfmt registration, remote installer execution, and shell configuration changes, so publication should include a clear warning for users to review commands before running them.

1

Просканировано файлов

486

Проанализировано строк

10

находки

codex

Проверено

Проблемы среднего риска (4)

SKILL.md:39-56 SKILL.md:78-89 SKILL.md:280-287

Privileged System Installation Commands

The skill instructs users to run package manager and build commands with elevated privileges. This is expected for tool setup, but it can modify the host operating system and install many packages.

SKILL.md:133-134 SKILL.md:418-419

Privileged Docker Binfmt Registration

The Docker setup uses privileged containers to register cross-architecture emulation handlers. This is a legitimate binfmt setup pattern, but privileged Docker grants broad host access during execution.

SKILL.md:228-230

Remote Shell Installer Execution

The GEF installation command pipes a remote script into a shell. This can be acceptable for developer setup, but it executes network-delivered code without local review.

SKILL.md:194-205 SKILL.md:217 SKILL.md:236-237 SKILL.md:473-485

Persistent Shell and Tool Configuration Changes

The skill recommends appending configuration to shell startup files and debugger configuration files. These changes are visible and tool-related, but they persist beyond the current session.

Проблемы низкого риска (3)

SKILL.md:37-61 SKILL.md:329-378 SKILL.md:386-392

Static Command Pattern Matches Are Mostly Documentation

Many external command detections are Markdown code fences and troubleshooting examples. They are not executed by the skill automatically, but users could copy and run them.

SKILL.md:1-10

No Prompt Injection Attempt Found

No text was found that asks the evaluator to ignore instructions, override policy, skip analysis, or treat the skill as pre-approved.

SKILL.md:3 SKILL.md:101 SKILL.md:126

Weak Cryptography Static Match Appears Incidental

The weak cryptography detections do not correspond to cryptographic implementation or security-sensitive crypto configuration in the reviewed context.

Факторы риска

⚙️ Внешние команды (5)

SKILL.md:37-61 SKILL.md:125-147 SKILL.md:228-238 SKILL.md:329-378 SKILL.md:416-423

🌐 Доступ к сети (5)

SKILL.md:210 SKILL.md:230 SKILL.md:236 SKILL.md:250 SKILL.md:283

📁 Доступ к файловой системе (6)

SKILL.md:89-92 SKILL.md:194-205 SKILL.md:217 SKILL.md:236-237 SKILL.md:387 SKILL.md:473-485

Обнаруженные паттерны

sudo and System Package Installationcurl Output Executed by ShellPrivileged Docker Container

Версия аудита 4

Средний риск

Jan 21, 2026, 03:37 PM

Legitimate reverse engineering tool setup skill. Static scanner flagged many patterns (external commands, sudo, Docker --privileged) that are standard for cross-platform tool installation. All high-severity findings evaluated as FALSE_POSITIVES - patterns are expected for reverse engineering tool installation workflows.

2

Просканировано файлов

2,108

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (100)

SKILL.md:37-61 SKILL.md:61-67 SKILL.md:67-72 SKILL.md:72-76 SKILL.md:76-96 SKILL.md:96-99 SKILL.md:99 SKILL.md:99-100 SKILL.md:100-105 SKILL.md:105-119 SKILL.md:119-123 SKILL.md:123-125 SKILL.md:125-147 SKILL.md:147-149 SKILL.md:149 SKILL.md:149-150 SKILL.md:150-156 SKILL.md:156-160 SKILL.md:160-163 SKILL.md:163-169 SKILL.md:169-184 SKILL.md:184-190 SKILL.md:190 SKILL.md:190-192 SKILL.md:192-195 SKILL.md:195-205 SKILL.md:205-209 SKILL.md:209-218 SKILL.md:218-221 SKILL.md:221-222 SKILL.md:222-224 SKILL.md:224-228 SKILL.md:228-238 SKILL.md:238-242 SKILL.md:242-251 SKILL.md:251-255 SKILL.md:255-260 SKILL.md:260-264 SKILL.md:264-274 SKILL.md:274-278 SKILL.md:278-291 SKILL.md:291-297 SKILL.md:297-299 SKILL.md:299-303 SKILL.md:303-307 SKILL.md:307-315 SKILL.md:315-319 SKILL.md:319-323 SKILL.md:323-329 SKILL.md:329-378 SKILL.md:378-386 SKILL.md:386 SKILL.md:386-387 SKILL.md:387 SKILL.md:387-388 SKILL.md:388 SKILL.md:388 SKILL.md:388-389 SKILL.md:389 SKILL.md:389-390 SKILL.md:390 SKILL.md:390 SKILL.md:390-391 SKILL.md:391 SKILL.md:391-392 SKILL.md:392-396 SKILL.md:396-402 SKILL.md:402-406 SKILL.md:406-412 SKILL.md:412-416 SKILL.md:416-423 SKILL.md:423-427 SKILL.md:427-431 SKILL.md:431-435 SKILL.md:435-439 SKILL.md:439-443 SKILL.md:443-449 SKILL.md:449-453 SKILL.md:453-459 SKILL.md:459-473 SKILL.md:473 SKILL.md:473-475 SKILL.md:475-485 SKILL.md:230 SKILL.md:228-238 SKILL.md:67 SKILL.md:68 SKILL.md:95 SKILL.md:100 SKILL.md:330 SKILL.md:39 SKILL.md:40 SKILL.md:49 SKILL.md:56 SKILL.md:78 SKILL.md:78 SKILL.md:89 SKILL.md:161 SKILL.md:280 SKILL.md:287

🌐 Доступ к сети (5)

SKILL.md:210 SKILL.md:230 SKILL.md:236 SKILL.md:250 SKILL.md:283

📁 Доступ к файловой системе (24)

Версия аудита 3

Средний риск

Jan 16, 2026, 12:51 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Просканировано файлов

662

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (100)

SKILL.md:37-61 SKILL.md:61-67 SKILL.md:67-72 SKILL.md:72-76 SKILL.md:76-96 SKILL.md:96-99 SKILL.md:99 SKILL.md:99-100 SKILL.md:100-105 SKILL.md:105-119 SKILL.md:119-123 SKILL.md:123-125 SKILL.md:125-147 SKILL.md:147-149 SKILL.md:149 SKILL.md:149-150 SKILL.md:150-156 SKILL.md:156-160 SKILL.md:160-163 SKILL.md:163-169 SKILL.md:169-184 SKILL.md:184-190 SKILL.md:190 SKILL.md:190-192 SKILL.md:192-195 SKILL.md:195-205 SKILL.md:205-209 SKILL.md:209-218 SKILL.md:218-221 SKILL.md:221-222 SKILL.md:222-224 SKILL.md:224-228 SKILL.md:228-238 SKILL.md:238-242 SKILL.md:242-251 SKILL.md:251-255 SKILL.md:255-260 SKILL.md:260-264 SKILL.md:264-274 SKILL.md:274-278 SKILL.md:278-291 SKILL.md:291-297 SKILL.md:297-299 SKILL.md:299-303 SKILL.md:303-307 SKILL.md:307-315 SKILL.md:315-319 SKILL.md:319-323 SKILL.md:323-329 SKILL.md:329-378 SKILL.md:378-386 SKILL.md:386 SKILL.md:386-387 SKILL.md:387 SKILL.md:387-388 SKILL.md:388 SKILL.md:388 SKILL.md:388-389 SKILL.md:389 SKILL.md:389-390 SKILL.md:390 SKILL.md:390 SKILL.md:390-391 SKILL.md:391 SKILL.md:391-392 SKILL.md:392-396 SKILL.md:396-402 SKILL.md:402-406 SKILL.md:406-412 SKILL.md:412-416 SKILL.md:416-423 SKILL.md:423-427 SKILL.md:427-431 SKILL.md:431-435 SKILL.md:435-439 SKILL.md:439-443 SKILL.md:443-449 SKILL.md:449-453 SKILL.md:453-459 SKILL.md:459-473 SKILL.md:473 SKILL.md:473-475 SKILL.md:475-485 SKILL.md:230 SKILL.md:228-238 SKILL.md:67 SKILL.md:68 SKILL.md:95 SKILL.md:100 SKILL.md:330 SKILL.md:39 SKILL.md:40 SKILL.md:49 SKILL.md:56 SKILL.md:78 SKILL.md:78 SKILL.md:89 SKILL.md:161 SKILL.md:280 SKILL.md:287

🌐 Доступ к сети (5)

SKILL.md:210 SKILL.md:230 SKILL.md:236 SKILL.md:250 SKILL.md:283

📁 Доступ к файловой системе (24)

Обнаруженные паттерны

sudo privilege escalationHardcoded URLWeak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionShell command substitutionTemplate literal with command substitutionPowerShell invocationUnix shell invocationHidden file in home directoryHidden file accessLinux /proc filesystem accessLinux /sys filesystem accessStandard device file accessTemp directory accessSymlink creationDocker privileged modeNetwork reconnaissance

Версия аудита 2

Средний риск

Jan 16, 2026, 12:51 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2

Просканировано файлов

662

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (100)

SKILL.md:37-61 SKILL.md:61-67 SKILL.md:67-72 SKILL.md:72-76 SKILL.md:76-96 SKILL.md:96-99 SKILL.md:99 SKILL.md:99-100 SKILL.md:100-105 SKILL.md:105-119 SKILL.md:119-123 SKILL.md:123-125 SKILL.md:125-147 SKILL.md:147-149 SKILL.md:149 SKILL.md:149-150 SKILL.md:150-156 SKILL.md:156-160 SKILL.md:160-163 SKILL.md:163-169 SKILL.md:169-184 SKILL.md:184-190 SKILL.md:190 SKILL.md:190-192 SKILL.md:192-195 SKILL.md:195-205 SKILL.md:205-209 SKILL.md:209-218 SKILL.md:218-221 SKILL.md:221-222 SKILL.md:222-224 SKILL.md:224-228 SKILL.md:228-238 SKILL.md:238-242 SKILL.md:242-251 SKILL.md:251-255 SKILL.md:255-260 SKILL.md:260-264 SKILL.md:264-274 SKILL.md:274-278 SKILL.md:278-291 SKILL.md:291-297 SKILL.md:297-299 SKILL.md:299-303 SKILL.md:303-307 SKILL.md:307-315 SKILL.md:315-319 SKILL.md:319-323 SKILL.md:323-329 SKILL.md:329-378 SKILL.md:378-386 SKILL.md:386 SKILL.md:386-387 SKILL.md:387 SKILL.md:387-388 SKILL.md:388 SKILL.md:388 SKILL.md:388-389 SKILL.md:389 SKILL.md:389-390 SKILL.md:390 SKILL.md:390 SKILL.md:390-391 SKILL.md:391 SKILL.md:391-392 SKILL.md:392-396 SKILL.md:396-402 SKILL.md:402-406 SKILL.md:406-412 SKILL.md:412-416 SKILL.md:416-423 SKILL.md:423-427 SKILL.md:427-431 SKILL.md:431-435 SKILL.md:435-439 SKILL.md:439-443 SKILL.md:443-449 SKILL.md:449-453 SKILL.md:453-459 SKILL.md:459-473 SKILL.md:473 SKILL.md:473-475 SKILL.md:475-485 SKILL.md:230 SKILL.md:228-238 SKILL.md:67 SKILL.md:68 SKILL.md:95 SKILL.md:100 SKILL.md:330 SKILL.md:39 SKILL.md:40 SKILL.md:49 SKILL.md:56 SKILL.md:78 SKILL.md:78 SKILL.md:89 SKILL.md:161 SKILL.md:280 SKILL.md:287

🌐 Доступ к сети (5)

SKILL.md:210 SKILL.md:230 SKILL.md:236 SKILL.md:250 SKILL.md:283

📁 Доступ к файловой системе (24)

Обнаруженные паттерны

sudo privilege escalationHardcoded URLWeak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionShell command substitutionTemplate literal with command substitutionPowerShell invocationUnix shell invocationHidden file in home directoryHidden file accessLinux /proc filesystem accessLinux /sys filesystem accessStandard device file accessTemp directory accessSymlink creationDocker privileged modeNetwork reconnaissance

Версия аудита 1

Безопасно

Jan 10, 2026, 09:07 AM

This is a pure documentation skill containing only installation instructions and verification commands. No executable code, no network calls, no file system writes outside its own directory. All bash commands are example snippets for users to copy and run manually.

1

Просканировано файлов

486

Проанализировано строк

0

находки

claude

Проверено

Проблем безопасности не найдено