История аудитов - chatgpt-app-builder

Версия аудита 5

Последняя Низкий риск

Jan 16, 2026, 05:58 PM

This skill is a legitimate documentation and template builder for ChatGPT Apps. The static analyzer flagged 1322 potential issues, but all findings are false positives or benign patterns. The code uses secure crypto (crypto.randomUUID), properly blocks SSRF targets (AWS metadata), and contains only standard development patterns (env vars, fetch calls) documented in reference markdown files.

41

Просканировано файлов

12,112

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (2)

assets/server/src/index.ts:72-73 assets/server/src/widget/embed.ts:25-34

🌐 Доступ к сети (2)

assets/server/src/index.ts:51 assets/server/src/lib/image-proxy.ts:126

🔑 Переменные окружения (2)

assets/server/src/index.ts:49-51 assets/server/src/lib/api-client.ts:53-54

Версия аудита 4

Низкий риск

Jan 16, 2026, 05:58 PM

This skill is a legitimate documentation and template builder for ChatGPT Apps. The static analyzer flagged 1322 potential issues, but all findings are false positives or benign patterns. The code uses secure crypto (crypto.randomUUID), properly blocks SSRF targets (AWS metadata), and contains only standard development patterns (env vars, fetch calls) documented in reference markdown files.

41

Просканировано файлов

12,112

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (2)

assets/server/src/index.ts:72-73 assets/server/src/widget/embed.ts:25-34

🌐 Доступ к сети (2)

assets/server/src/index.ts:51 assets/server/src/lib/image-proxy.ts:126

🔑 Переменные окружения (2)

assets/server/src/index.ts:49-51 assets/server/src/lib/api-client.ts:53-54

Версия аудита 3

Низкий риск

Jan 10, 2026, 11:08 AM

This is a development framework skill for building ChatGPT Apps. The code includes legitimate MCP server implementation, API client, and React widget. Network and filesystem access are standard for server-side applications. Security patterns are well-documented including XSS prevention, SSRF protection, and rate limiting.

26

Просканировано файлов

3,012

Проанализировано строк

8

находки

claude

Проверено

Проблемы низкого риска (3)

assets/server/src/lib/api-client.ts:52-55

Environment variable access for API configuration

The API client reads environment variables (API_BASE_URL, API_TOKEN) at runtime. This is standard practice for configuration but could expose credentials if improperly set. The skill uses placeholders by default (API_TOKEN is empty string) and relies on user configuration.

assets/server/src/lib/image-proxy.ts:111-171

Image proxy fetches external URLs

The image proxy fetches external images from whitelisted domains to convert them to data URLs for CSP compliance. While domain whitelist and SSRF protection are implemented, the feature allows outbound HTTP requests from the server.

assets/server/src/index.ts:501 assets/server/src/index.ts:534

CORS allows wildcard in development

The MCP server sets Access-Control-Allow-Origin: "*" for SSE connections and POST messages. This is documented as development-only behavior and production deployments should configure specific origins per security documentation.

Факторы риска

🌐 Доступ к сети (2)

assets/server/src/lib/api-client.ts:57-83 assets/server/src/lib/image-proxy.ts:111-171

📁 Доступ к файловой системе (1)

assets/server/src/index.ts:61-96

🔑 Переменные окружения (2)

assets/server/src/index.ts:48-52 assets/server/src/lib/api-client.ts:52-55

⚡ Содержит скрипты (1)

scripts/validate-app-spec.py:1-270

⚙️ Внешние команды (2)

SKILL.md:186-202 SKILL.md:267-269

Версия аудита 2

Низкий риск

Jan 10, 2026, 11:08 AM

This is a development framework skill for building ChatGPT Apps. The code includes legitimate MCP server implementation, API client, and React widget. Network and filesystem access are standard for server-side applications. Security patterns are well-documented including XSS prevention, SSRF protection, and rate limiting.

26

Просканировано файлов

3,012

Проанализировано строк

8

находки

claude

Проверено

Проблемы низкого риска (3)

assets/server/src/lib/api-client.ts:52-55

Environment variable access for API configuration

The API client reads environment variables (API_BASE_URL, API_TOKEN) at runtime. This is standard practice for configuration but could expose credentials if improperly set. The skill uses placeholders by default (API_TOKEN is empty string) and relies on user configuration.

assets/server/src/lib/image-proxy.ts:111-171

Image proxy fetches external URLs

The image proxy fetches external images from whitelisted domains to convert them to data URLs for CSP compliance. While domain whitelist and SSRF protection are implemented, the feature allows outbound HTTP requests from the server.

assets/server/src/index.ts:501 assets/server/src/index.ts:534

CORS allows wildcard in development

The MCP server sets Access-Control-Allow-Origin: "*" for SSE connections and POST messages. This is documented as development-only behavior and production deployments should configure specific origins per security documentation.

Факторы риска

🌐 Доступ к сети (2)

assets/server/src/lib/api-client.ts:57-83 assets/server/src/lib/image-proxy.ts:111-171

📁 Доступ к файловой системе (1)

assets/server/src/index.ts:61-96

🔑 Переменные окружения (2)

assets/server/src/index.ts:48-52 assets/server/src/lib/api-client.ts:52-55

⚡ Содержит скрипты (1)

scripts/validate-app-spec.py:1-270

⚙️ Внешние команды (2)

SKILL.md:186-202 SKILL.md:267-269

Версия аудита 1

Низкий риск

Jan 10, 2026, 11:08 AM

This is a development framework skill for building ChatGPT Apps. The code includes legitimate MCP server implementation, API client, and React widget. Network and filesystem access are standard for server-side applications. Security patterns are well-documented including XSS prevention, SSRF protection, and rate limiting.

26

Просканировано файлов

3,012

Проанализировано строк

8

находки

claude

Проверено

Проблемы низкого риска (3)

assets/server/src/lib/api-client.ts:52-55

Environment variable access for API configuration

The API client reads environment variables (API_BASE_URL, API_TOKEN) at runtime. This is standard practice for configuration but could expose credentials if improperly set. The skill uses placeholders by default (API_TOKEN is empty string) and relies on user configuration.

assets/server/src/lib/image-proxy.ts:111-171

Image proxy fetches external URLs

The image proxy fetches external images from whitelisted domains to convert them to data URLs for CSP compliance. While domain whitelist and SSRF protection are implemented, the feature allows outbound HTTP requests from the server.

assets/server/src/index.ts:501 assets/server/src/index.ts:534

CORS allows wildcard in development

The MCP server sets Access-Control-Allow-Origin: "*" for SSE connections and POST messages. This is documented as development-only behavior and production deployments should configure specific origins per security documentation.

Факторы риска

🌐 Доступ к сети (2)

assets/server/src/lib/api-client.ts:57-83 assets/server/src/lib/image-proxy.ts:111-171

📁 Доступ к файловой системе (1)

assets/server/src/index.ts:61-96

🔑 Переменные окружения (2)

assets/server/src/index.ts:48-52 assets/server/src/lib/api-client.ts:52-55

⚡ Содержит скрипты (1)

scripts/validate-app-spec.py:1-270

⚙️ Внешние команды (2)

SKILL.md:186-202 SKILL.md:267-269