Audit history

working-on-ancplua-plugins - 6 audits

Audit version 6

Latest - Medium risk

Jun 28, 2026, 08:43 AM

Static analysis flagged many high-risk patterns, but review found they are markdown documentation examples rather than executable code. The remaining risk is that the skill asks agents to run local validation, permission, search, and log-inspection commands, so use should stay within a trusted repository.

Files scanned: 4
Lines analyzed: 394
Findings: 8
Reviewed by: codex
Medium-risk issues (2)
Agent-Run Shell Command Guidance
The skill contains shell command examples for validation, marketplace sync, JSON checks, path searches, and permission changes. These commands are legitimate repository workflows, but an agent could affect local files if used outside a trusted checkout.
Local Filesystem and Log Inspection Guidance
The skill describes plugin directories, hidden configuration directories, executable script permissions, and Claude Code log locations. This is normal debugging guidance, but logs can contain sensitive local context.
Low-risk issues (3)
Hardcoded Documentation URLs Are Benign
The hardcoded URLs point to official Claude Code documentation, Conventional Commits documentation, and the source repository. They are references and manifest examples, not network calls or data exfiltration.
Weak Crypto Matches Are Markdown False Positives
The weak-cryptography detections map to markdown filenames, table rows, version examples, or skill references. No hashing API, cipher selection, credential handling, or cryptographic implementation was found in the reviewed files.
Ruby Backtick Matches Are Markdown Formatting
Most external-command detections are caused by inline code ticks and fenced examples in markdown. The package does not include Ruby files or executable scripts that use shell backtick execution.

Detected patterns

Manual Local Command Execution Examples

Audit version 5

Safe

Jan 16, 2026, 04:32 PM

This is a documentation-only skill. The static analyzer flagged markdown code formatting (backticks) and documentation links as security issues. All 162 findings are false positives. This skill provides conventions, validation commands, and debugging steps in markdown only. No executable code, file system access, network calls, or environment variable access occurs.

Files scanned: 5
Lines analyzed: 594
Findings: 3
Reviewed by: claude
No security issues found

Risk factors

⚙️ External commands (114)
🌐 Network access (12)
📁 File system access (4)

Audit version 4

Safe

Jan 16, 2026, 04:32 PM

This is a documentation-only skill. The static analyzer flagged markdown code formatting (backticks) and documentation links as security issues. All 162 findings are false positives. This skill provides conventions, validation commands, and debugging steps in markdown only. No executable code, file system access, network calls, or environment variable access occurs.

Files scanned: 5
Lines analyzed: 594
Findings: 3
Reviewed by: claude
No security issues found

Risk factors

⚙️ External commands (114)
🌐 Network access (12)
📁 File system access (4)

Audit version 3

Safe

Jan 10, 2026, 09:56 AM

Documentation-only skill with no code execution, file system access, network calls, or environment variable access. Contains markdown files providing guidelines and conventions for plugin development.

Files scanned: 4
Lines analyzed: 380
Findings: 0
Reviewed by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 09:56 AM

Documentation-only skill with no code execution, file system access, network calls, or environment variable access. Contains markdown files providing guidelines and conventions for plugin development.

Files scanned: 4
Lines analyzed: 380
Findings: 0
Reviewed by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 09:56 AM

Documentation-only skill with no code execution, file system access, network calls, or environment variable access. Contains markdown files providing guidelines and conventions for plugin development.

Files scanned: 4
Lines analyzed: 380
Findings: 0
Reviewed by: claude
No security issues found