История аудитов - form-testing

Версия аудита 5

Последняя Низкий риск

Jan 16, 2026, 11:54 PM

The form-testing skill is a legitimate WordPress development tool. All detected patterns (Docker commands, email testing, file operations) are intentional functionality for testing WordPress email delivery. No malicious intent or data exfiltration patterns found.

3

Просканировано файлов

640

Проанализировано строк

3

находки

claude

Проверено

Проблемы низкого риска (1)

scripts/test-mail.sh:8

Hardcoded email address in test script

Default recipient email admin@csrdevelopment.com should be customized per environment

Факторы риска

⚙️ Внешние команды (2)

scripts/test-mail.sh:1-82 SKILL.md:13-267

🌐 Доступ к сети (2)

scripts/test-mail.sh:18-76 SKILL.md:99-106

Версия аудита 4

Низкий риск

Jan 16, 2026, 11:54 PM

The form-testing skill is a legitimate WordPress development tool. All detected patterns (Docker commands, email testing, file operations) are intentional functionality for testing WordPress email delivery. No malicious intent or data exfiltration patterns found.

3

Просканировано файлов

640

Проанализировано строк

3

находки

claude

Проверено

Проблемы низкого риска (1)

scripts/test-mail.sh:8

Hardcoded email address in test script

Default recipient email admin@csrdevelopment.com should be customized per environment

Факторы риска

⚙️ Внешние команды (2)

scripts/test-mail.sh:1-82 SKILL.md:13-267

🌐 Доступ к сети (2)

scripts/test-mail.sh:18-76 SKILL.md:99-106

Версия аудита 3

Низкий риск

Jan 10, 2026, 12:47 PM

The form-testing skill has limited security risk. It primarily executes Docker commands and WP-CLI operations for legitimate WordPress email testing purposes. The script reads SMTP configuration and sends test emails through WordPress's built-in wp_mail() function.

2

Просканировано файлов

393

Проанализировано строк

2

находки

claude

Проверено

Проблемы низкого риска (1)

scripts/test-mail.sh:8

Hardcoded email address in script

The test-mail.sh script contains a hardcoded email address (admin@csrdevelopment.com) as the default recipient. This could potentially expose internal email addresses if the script is shared or used in different environments.

Факторы риска

⚙️ Внешние команды (4)

scripts/test-mail.sh:20 scripts/test-mail.sh:29-45 scripts/test-mail.sh:50-76 SKILL.md:55-72

Версия аудита 2

Низкий риск

Jan 10, 2026, 12:47 PM

The form-testing skill has limited security risk. It primarily executes Docker commands and WP-CLI operations for legitimate WordPress email testing purposes. The script reads SMTP configuration and sends test emails through WordPress's built-in wp_mail() function.

2

Просканировано файлов

393

Проанализировано строк

2

находки

claude

Проверено

Проблемы низкого риска (1)

scripts/test-mail.sh:8

Hardcoded email address in script

The test-mail.sh script contains a hardcoded email address (admin@csrdevelopment.com) as the default recipient. This could potentially expose internal email addresses if the script is shared or used in different environments.

Факторы риска

⚙️ Внешние команды (4)

scripts/test-mail.sh:20 scripts/test-mail.sh:29-45 scripts/test-mail.sh:50-76 SKILL.md:55-72

Версия аудита 1

Низкий риск

Jan 10, 2026, 12:47 PM

The form-testing skill has limited security risk. It primarily executes Docker commands and WP-CLI operations for legitimate WordPress email testing purposes. The script reads SMTP configuration and sends test emails through WordPress's built-in wp_mail() function.

2

Просканировано файлов

393

Проанализировано строк

2

находки

claude

Проверено

Проблемы низкого риска (1)

scripts/test-mail.sh:8

Hardcoded email address in script

The test-mail.sh script contains a hardcoded email address (admin@csrdevelopment.com) as the default recipient. This could potentially expose internal email addresses if the script is shared or used in different environments.

Факторы риска

⚙️ Внешние команды (4)

scripts/test-mail.sh:20 scripts/test-mail.sh:29-45 scripts/test-mail.sh:50-76 SKILL.md:55-72