Навыки wp-project-triage История аудитов
📦

История аудитов

wp-project-triage - 6 аудиты

Версия аудита 6

Последняя Низкий риск

Jun 28, 2026, 11:57 AM

The static analyzer reported network, command execution, credential, and weak crypto patterns, but contextual review found these were false positives. The skill is a read-only WordPress repository detector that uses local filesystem reads and prints a structured report, so the remaining risk is limited to local repository inspection.

3
Просканировано файлов
776
Проанализировано строк
6
находки
codex
Проверено
Проблемы низкого риска (4)
scripts/detect_wp_project.mjs:26-30scripts/detect_wp_project.mjs:49-57scripts/detect_wp_project.mjs:197-215
Read-Only Repository File Scanning
The detector recursively reads repository files and scans wp-config.php for selected WordPress constants. It does not print secrets or send data, but users should expect local repository inspection.
references/triage.schema.json:2-3
Static Network Findings Dismissed
The hardcoded URLs are JSON Schema identifiers, not outbound requests. No fetch, HTTP client, curl, or wget usage was found in the reviewed files.
scripts/detect_wp_project.mjs:212-215scripts/detect_wp_project.mjs:270-275scripts/detect_wp_project.mjs:589SKILL.md:20-37
Static Command Execution Findings Dismissed
Backtick findings are JavaScript template literals used for regular expressions, recommendation strings, and stdout formatting. No child_process import or shell execution was found.
scripts/detect_wp_project.mjs:44-57scripts/detect_wp_project.mjs:141-147scripts/detect_wp_project.mjs:299-314scripts/detect_wp_project.mjs:440-443SKILL.md:3-35
Static Credential and Crypto Findings Dismissed
The sensitive and weak crypto detections match WordPress API names, Object.keys calls, path checks, and string includes. No certificate handling, key extraction, hashing, or encryption logic was found.

Факторы риска

⚡ Содержит скрипты (2)
SKILL.md:20 scripts/detect_wp_project.mjs:1-3
📁 Доступ к файловой системе (4)
scripts/detect_wp_project.mjs:20 scripts/detect_wp_project.mjs:28 scripts/detect_wp_project.mjs:101 scripts/detect_wp_project.mjs:335

Версия аудита 5

Низкий риск

Jan 16, 2026, 06:11 PM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. Static scanner false positives were caused by misidentified template literals as shell backticks, path.extname() as crypto functions, and standard schema URLs as network security issues.

4
Просканировано файлов
994
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (1)
scripts/detect_wp_project.mjs:1-593

Версия аудита 4

Низкий риск

Jan 16, 2026, 06:11 PM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. Static scanner false positives were caused by misidentified template literals as shell backticks, path.extname() as crypto functions, and standard schema URLs as network security issues.

4
Просканировано файлов
994
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (1)
scripts/detect_wp_project.mjs:1-593

Версия аудита 3

Низкий риск

Jan 10, 2026, 10:52 AM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. The tool safely inspects repository structure to determine project type and available tooling.

3
Просканировано файлов
593
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (1)
scripts/detect_wp_project.mjs:1-593

Версия аудита 2

Низкий риск

Jan 10, 2026, 10:52 AM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. The tool safely inspects repository structure to determine project type and available tooling.

3
Просканировано файлов
593
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (1)
scripts/detect_wp_project.mjs:1-593

Версия аудита 1

Низкий риск

Jan 10, 2026, 10:52 AM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. The tool safely inspects repository structure to determine project type and available tooling.

3
Просканировано файлов
593
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (1)
scripts/detect_wp_project.mjs:1-593
← Назад к навыку