История аудитов - patchright-skill

Версия аудита 3

Последняя Низкий риск

Jan 17, 2026, 08:16 AM

Legitimate browser automation skill using Patchright. All 201 static findings are false positives. The evaluate tool executes JavaScript in browser context for automation, screenshots are saved locally to files (no upload), hardcoded URLs are for documentation examples, and hidden file references are to standard skill installation paths. No credential exfiltration, data theft, or malicious patterns found. The skill intentionally restricts access to localhost and private IP addresses only.

12

Просканировано файлов

3,075

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (2)

scripts/executor.py:79-94 scripts/server.py:70-75

🌐 Доступ к сети (2)

scripts/server.py:64-68 scripts/executor.py:71-76

⚙️ Внешние команды (2)

SKILL.md:49-67 reference.md:10-22

Версия аудита 2

Низкий риск

Jan 17, 2026, 08:16 AM

Legitimate browser automation skill using Patchright. All 201 static findings are false positives. The evaluate tool executes JavaScript in browser context for automation, screenshots are saved locally to files (no upload), hardcoded URLs are for documentation examples, and hidden file references are to standard skill installation paths. No credential exfiltration, data theft, or malicious patterns found. The skill intentionally restricts access to localhost and private IP addresses only.

12

Просканировано файлов

3,075

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

📁 Доступ к файловой системе (2)

scripts/executor.py:79-94 scripts/server.py:70-75

🌐 Доступ к сети (2)

scripts/server.py:64-68 scripts/executor.py:71-76

⚙️ Внешние команды (2)

SKILL.md:49-67 reference.md:10-22

Версия аудита 1

Средний риск

Jan 13, 2026, 11:22 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

11

Просканировано файлов

1,412

Проанализировано строк

3

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (61)

reference.md:11 reference.md:13-22 reference.md:22-25 reference.md:25-27 reference.md:27-29 reference.md:29-41 reference.md:41-55 reference.md:55-58 reference.md:58-63 reference.md:63-76 reference.md:76-80 reference.md:80-99 reference.md:99-103 reference.md:103-143 reference.md:143-151 reference.md:151-152 reference.md:152-155 reference.md:155-158 reference.md:158-160 reference.md:160-163 reference.md:163-167 reference.md:167-169 reference.md:169-170 reference.md:170-173 scripts/README.md:12-15 scripts/README.md:15-21 scripts/README.md:21-24 scripts/README.md:24-28 scripts/README.md:28-31 scripts/README.md:31-36 scripts/README.md:36-38 scripts/README.md:38-41 scripts/README.md:41-43 scripts/README.md:43-46 scripts/README.md:46-52 scripts/README.md:52-55 scripts/README.md:55-57 scripts/README.md:57-76 scripts/README.md:76-79 scripts/README.md:79-85 scripts/README.md:85-88 scripts/README.md:88-93 SKILL.md:51-54 SKILL.md:54-58 SKILL.md:58-67 SKILL.md:67-73 SKILL.md:73-85 SKILL.md:85-89 SKILL.md:89-98 SKILL.md:98-102 SKILL.md:102-111 SKILL.md:111-115 SKILL.md:115-118 SKILL.md:118-139 SKILL.md:139-157 SKILL.md:157-161 SKILL.md:161-171 SKILL.md:171-175 SKILL.md:175-195 SKILL.md:195-209 SKILL.md:209-212

🌐 Доступ к сети (14)

reference.md:57 reference.md:89 scripts/executor.py:9 scripts/executor.py:267 scripts/google_search.py:43 scripts/README.md:49 scripts/server.py:159 scripts/server.py:177 SKILL.md:14 SKILL.md:14 SKILL.md:81 SKILL.md:145 SKILL.md:163 SKILL.md:14

📁 Доступ к файловой системе (10)

reference.md:159 scripts/google_debug.py:57 scripts/google_search.py:144 scripts/server.py:219 SKILL.md:52 SKILL.md:74 SKILL.md:140 SKILL.md:52 SKILL.md:74 SKILL.md:140

Обнаруженные паттерны

SQLite database fileSystem reconnaissanceRuby/shell backtick executionHardcoded URLTemp directory accessWeak cryptographic algorithmPython file write/appendHardcoded IP addressPath traversal sequenceHidden file in home directoryHidden file accessScreen capture upload[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network