Навыки tests-maintenance История аудитов
🧪

История аудитов

tests-maintenance - 4 аудиты

Версия аудита 4

Последняя Безопасно

Jan 17, 2026, 06:41 AM

This is a legitimate test maintenance skill from JetBrains for the IdeaVim project. All 74 static findings are false positives: SHA-256 hash identifiers in metadata were misidentified as cryptographic algorithms, markdown code blocks and documentation tables were misidentified as shell execution, and standard dev commands were misidentified as reconnaissance. The skill only provides guidance for test quality review and does not execute code automatically.

2
Просканировано файлов
447
Проанализировано строк
2
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (1)
SKILL.md:27-36
📁 Доступ к файловой системе (1)
SKILL.md:32-35

Версия аудита 3

Безопасно

Jan 17, 2026, 06:41 AM

This is a legitimate test maintenance skill from JetBrains for the IdeaVim project. All 74 static findings are false positives: SHA-256 hash identifiers in metadata were misidentified as cryptographic algorithms, markdown code blocks and documentation tables were misidentified as shell execution, and standard dev commands were misidentified as reconnaissance. The skill only provides guidance for test quality review and does not execute code automatically.

2
Просканировано файлов
447
Проанализировано строк
2
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (1)
SKILL.md:27-36
📁 Доступ к файловой системе (1)
SKILL.md:32-35

Версия аудита 2

Низкий риск

Jan 5, 2026, 03:46 PM

This is a prompt-based test maintenance skill from JetBrains. It provides guidance for reviewing test quality but does not execute code automatically. The skill references shell commands for test discovery and gradle for test execution, matching its documented purpose of test maintenance.

3
Просканировано файлов
236
Проанализировано строк
3
находки
claude
Проверено
Проблемы низкого риска (1)
SKILL.md:27-186
Shell command references in skill prompt
The skill references shell commands (find, grep, shuf) and gradle commands for test discovery and execution. While these are standard development tools appropriate for a test maintenance skill, shell command execution carries inherent risk if commands are dynamically constructed. In this case, commands are hardcoded patterns in the prompt instructions.

Факторы риска

⚙️ Внешние команды (6)
SKILL.md:27-36 SKILL.md:44-47 SKILL.md:50 SKILL.md:59-65 SKILL.md:105-107 SKILL.md:174-186
📁 Доступ к файловой системе (4)
SKILL.md:32-35 SKILL.md:46-47 SKILL.md:61-65 SKILL.md:106-107

Версия аудита 1

Низкий риск

Jan 5, 2026, 03:46 PM

This is a prompt-based test maintenance skill from JetBrains. It provides guidance for reviewing test quality but does not execute code automatically. The skill references shell commands for test discovery and gradle for test execution, matching its documented purpose of test maintenance.

3
Просканировано файлов
236
Проанализировано строк
3
находки
claude
Проверено
Проблемы низкого риска (1)
SKILL.md:27-186
Shell command references in skill prompt
The skill references shell commands (find, grep, shuf) and gradle commands for test discovery and execution. While these are standard development tools appropriate for a test maintenance skill, shell command execution carries inherent risk if commands are dynamically constructed. In this case, commands are hardcoded patterns in the prompt instructions.

Факторы риска

⚙️ Внешние команды (6)
SKILL.md:27-36 SKILL.md:44-47 SKILL.md:50 SKILL.md:59-65 SKILL.md:105-107 SKILL.md:174-186
📁 Доступ к файловой системе (4)
SKILL.md:32-35 SKILL.md:46-47 SKILL.md:61-65 SKILL.md:106-107
← Назад к навыку