
Audit history

binary-re-triage - 4 audits

Audit version 4

Latest: Medium risk

Jun 27, 2026, 04:14 PM

The static command findings are mostly true in form but low-risk in context: the skill documents local file, rabin2, readelf, jq, and grep usage for binary triage. No malicious intent, prompt injection, credential exfiltration, or real network activity was found. Risk remains medium because users may parse untrusted binaries with external tools.

Files scanned: 1
Lines analyzed: 268
Review items: 8
False positives ignored: 0

Confirmed security concerns (1)

Low
False Positive: Weak Cryptography Was Not Found
The flagged description line discusses binary fingerprinting with rabin2. No weak cryptographic algorithm or cryptographic implementation appears in the reviewed file.
The line contains skill metadata about architecture detection and file analysis. I found no DES, MD5, SHA1, RC4, or similar weak crypto usage there.
Capability review items (4)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Medium
Local External Tool Execution for Untrusted Binary Triage
The skill instructs users to run file, rabin2, readelf, jq, and grep against unknown binaries. This is expected for the skill, but parsers can be exposed to malicious inputs.
The command examples are clearly present and semantically tied to binary triage. Risk is limited because they analyze files rather than execute target binaries, and no shell interpolation is shown.
Low
Sensitive Strings May Be Surfaced in Triage Output
The string scan explicitly searches for paths, passwords, keys, and tokens. This can reveal embedded secrets in reports or journals if users do not redact outputs.
The filter terms include pass, key, and token, and the skill asks users to record triage results. This is a data handling concern, not evidence of exfiltration.
Low
False Positive: Example URL Is Not Network Access
The hardcoded URL appears only inside an example output object. The skill does not instruct the agent to fetch, post, or contact that URL.
The URL is embedded in a sample strings_of_interest result. No network client command or data transmission path is present around this line.
Low
False Positive: Filesystem and Memory Terms Are Contextual
The /dev/null use is output redirection, and mmap or mprotect are import names in a capability table. These are not active memory-mapped file operations.
Line 65 suppresses readelf stderr, and line 149 is a static capability mapping row. Neither location implements file mapping or memory protection changes.

Risk factors

⚙️ External commands (7)
🌐 Network access (1)
📁 Filesystem access (2)

Detected patterns

Shell Commands in Documentation
Auditor: codex

Audit version 3

Safe

Jan 16, 2026, 12:54 PM

This is a documentation-only skill providing guidance for binary reverse engineering analysis. The skill contains no executable code - only markdown documentation describing how to run standard Unix analysis tools (file, rabin2, readelf) for identifying unknown binaries. All patterns flagged as concerning (C2 keywords, crypto references, mmap) are legitimate security research terminology used to describe what analysts should look FOR when analyzing potentially malicious binaries, not how to create them. This is standard security research documentation from a legitimate reverse engineering workflow.

Files scanned: 2
Lines analyzed: 448
Review items: 3
False positives ignored: 0
Auditor: claude

Audit version 2

Safe

Jan 16, 2026, 12:54 PM

This is a documentation-only skill providing guidance for binary reverse engineering analysis. The skill contains no executable code - only markdown documentation describing how to run standard Unix analysis tools (file, rabin2, readelf) for identifying unknown binaries. All patterns flagged as concerning (C2 keywords, crypto references, mmap) are legitimate security research terminology used to describe what analysts should look FOR when analyzing potentially malicious binaries, not how to create them. This is standard security research documentation from a legitimate reverse engineering workflow.

Files scanned: 2
Lines analyzed: 448
Review items: 3
False positives ignored: 0
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:09 AM

This is a prompt-based skill containing only documentation and guidance for binary analysis. No executable code, no network access, no file system modifications beyond reading binary files for analysis. The skill describes running standard Unix analysis tools (file, rabin2, readelf) which is expected and appropriate for its stated purpose.

Files scanned: 1
Lines analyzed: 268
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude