Навыки qwen-image История аудитов
🖼️

История аудитов

qwen-image - 3 аудиты

Версия аудита 3

Последняя Безопасно

Mar 10, 2026, 08:19 AM

Static scanner flagged 53 potential issues (external_commands, network, weak_crypto, system_reconnaissance). Manual evaluation confirms all findings are false positives: backticks are markdown code formatting, URLs point to the legitimate inference.sh API service, and there is no cryptographic code or reconnaissance behavior. The skill is documentation for an image generation CLI tool with no malicious behavior.

1
Просканировано файлов
184
Проанализировано строк
4
находки
claude
Проверено
Проблемы низкого риска (2)
SKILL.md:15-177
Shell Command Patterns in Documentation
Static scanner detected backtick commands in SKILL.md. These are markdown code formatting for example CLI commands (infsh app run...), not actual code execution.
SKILL.md:9-183
Hardcoded URLs Point to Service API
URLs detected (inference.sh, example.com) are legitimate service endpoints required for the skill to function as an image generation tool.

Факторы риска

⚙️ Внешние команды (39)
SKILL.md:15 SKILL.md:15 SKILL.md:17-21 SKILL.md:21-28 SKILL.md:28-29 SKILL.md:29-33 SKILL.md:33-35 SKILL.md:35-41 SKILL.md:41-45 SKILL.md:45-49 SKILL.md:49-54 SKILL.md:54-58 SKILL.md:58-64 SKILL.md:64-68 SKILL.md:68-75 SKILL.md:75-79 SKILL.md:79-88 SKILL.md:88-92 SKILL.md:92-97 SKILL.md:97-101 SKILL.md:101-106 SKILL.md:106-112 SKILL.md:112-113 SKILL.md:113-114 SKILL.md:114-115 SKILL.md:115-116 SKILL.md:116-117 SKILL.md:117-118 SKILL.md:118-119 SKILL.md:119-120 SKILL.md:120-128 SKILL.md:128-129 SKILL.md:129-134 SKILL.md:134-136 SKILL.md:136-146 SKILL.md:146-153 SKILL.md:153-166 SKILL.md:166-175 SKILL.md:175-177
🌐 Доступ к сети (8)
SKILL.md:9 SKILL.md:11 SKILL.md:83 SKILL.md:84 SKILL.md:85 SKILL.md:181 SKILL.md:182 SKILL.md:183

Версия аудита 2

Безопасно

Mar 9, 2026, 08:22 AM

All 53 static analysis findings are false positives from documentation content. The detected patterns (backticks, URLs, version numbers) exist only within markdown code blocks and documentation examples, not in executable code. This skill provides legitimate documentation for using Alibaba Qwen-Image-2.0 models through the inference.sh CLI platform.

1
Просканировано файлов
184
Проанализировано строк
0
находки
claude
Проверено
Проблем безопасности не найдено

Версия аудита 1

Безопасно

Mar 8, 2026, 08:13 AM

This skill is a documentation file (SKILL.md) that provides guidance on using the inference.sh CLI for Alibaba Qwen-Image-2.0 image generation. All static findings (external_commands, network, weak cryptographic algorithm, system reconnaissance) are false positives. The skill contains only markdown documentation with example commands - no executable code. The backticks detected are markdown code block syntax, not shell execution. Network URLs are legitimate documentation links.

1
Просканировано файлов
184
Проанализировано строк
2
находки
claude
Проверено
Проблемы низкого риска (2)
SKILL.md:15-180
External Commands in Documentation
The skill contains example CLI commands using infsh tool. These are documentation examples, not executable code. The skill is a SKILL.md file that provides usage instructions.
SKILL.md:9-11SKILL.md:83-85SKILL.md:181-183
Hardcoded URLs in Documentation
Documentation contains URLs to inference.sh website and example image URLs. These are legitimate documentation links.
← Назад к навыку