📦

Audit History

chinese-learning-assistant - 5 audits

Audit version 5

Latest Low Risk

Jun 27, 2026, 11:13 AM

Static analysis reported many Ruby backtick, weak cryptography, and high-entropy findings. Manual review found these are false positives from Markdown code fences, inline search-query examples, and Japanese or Chinese instructional text, not executable code or obfuscation. The only meaningful operational risk is low: the skill asks the assistant to use web search for real language examples, so users should avoid submitting private text.

4
Files scanned
1,514
Lines analyzed
5
findings
codex
Audited by
Low Risk Issues (4)
Web Search May Expose User-Provided Text
The skill instructs the assistant to search external sites for native usage examples. This is useful for language learning, but user-submitted phrases or draft sentences may be sent to search providers or public websites.
Description Text Misclassified as Weak Cryptography
Static analysis flagged SKILL.md line 3 as weak cryptography. That line is the skill description in Japanese and contains no cryptographic API, algorithm name, or hashing operation.
Multilingual Markdown Misclassified as Obfuscation
Static analysis flagged high entropy in SKILL.md and three reference files. Manual review shows readable Japanese and Chinese learning materials, not packed, encrypted, or binary payloads.

Audit version 4

Safe

Jan 21, 2026, 02:47 PM

Evaluated 5 files (2500 lines). Static findings are false positives: backtick patterns in markdown are documentation formatting and search query examples, not shell execution. No malicious code detected. Skill is a legitimate Chinese language learning tool with standard web search capability for finding authentic usage examples.

5
Files scanned
2,500
Lines analyzed
1
findings
claude
Audited by
No security issues found

Audit version 3

Medium Risk

Jan 16, 2026, 12:08 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

5
Files scanned
1,715
Lines analyzed
1
findings
claude
Audited by
No security issues found

Risk Factors

⚙️ External commands (68)
references/search-guide.md:21-23 references/search-guide.md:23-25 references/search-guide.md:25 references/search-guide.md:25 references/search-guide.md:25-30 references/search-guide.md:30-32 references/search-guide.md:32-35 references/search-guide.md:35-36 references/search-guide.md:36-41 references/search-guide.md:41-43 references/search-guide.md:43-45 references/search-guide.md:45 references/search-guide.md:45-50 references/search-guide.md:50-52 references/search-guide.md:52-54 references/search-guide.md:54-59 references/search-guide.md:59-61 references/search-guide.md:61-63 references/search-guide.md:63-70 references/search-guide.md:70-72 references/search-guide.md:72-74 references/search-guide.md:74-94 references/search-guide.md:94-104 references/search-guide.md:104-115 references/search-guide.md:115-116 references/search-guide.md:116-145 references/search-guide.md:145-147 references/search-guide.md:147-158 references/search-guide.md:158-161 references/search-guide.md:161-173 references/search-guide.md:173-176 references/search-guide.md:176-187 references/search-guide.md:187-191 references/search-guide.md:191-222 references/search-guide.md:222-230 references/search-guide.md:230-236 references/search-guide.md:236-241 references/search-guide.md:241-249 SKILL.md:90-104 SKILL.md:104-136 SKILL.md:136-147 SKILL.md:147-178 SKILL.md:178-183 SKILL.md:183-187 SKILL.md:187-218 SKILL.md:218-259 SKILL.md:259-288 SKILL.md:288-294 SKILL.md:294-341 SKILL.md:341-405 SKILL.md:405-411 SKILL.md:411-481 SKILL.md:481-486 SKILL.md:486-508 SKILL.md:508-513 SKILL.md:513-552 SKILL.md:552-617 SKILL.md:617-638 SKILL.md:638-642 SKILL.md:642-645 SKILL.md:645-648 SKILL.md:648-651 SKILL.md:651-653 SKILL.md:653-677 SKILL.md:677-682 SKILL.md:682-686 SKILL.md:686-689 SKILL.md:689-709

Detected Patterns

Ruby/shell backtick executionWeak cryptographic algorithm[HEURISTIC] High file entropy (6.91 bits) - possible binary/encrypted content[HEURISTIC] High file entropy (6.31 bits) - possible binary/encrypted content[HEURISTIC] High file entropy (6.96 bits) - possible binary/encrypted content[HEURISTIC] High file entropy (7.33 bits) - possible binary/encrypted content

Audit version 2

Medium Risk

Jan 16, 2026, 12:08 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

5
Files scanned
1,715
Lines analyzed
1
findings
claude
Audited by
No security issues found

Risk Factors

⚙️ External commands (68)
references/search-guide.md:21-23 references/search-guide.md:23-25 references/search-guide.md:25 references/search-guide.md:25 references/search-guide.md:25-30 references/search-guide.md:30-32 references/search-guide.md:32-35 references/search-guide.md:35-36 references/search-guide.md:36-41 references/search-guide.md:41-43 references/search-guide.md:43-45 references/search-guide.md:45 references/search-guide.md:45-50 references/search-guide.md:50-52 references/search-guide.md:52-54 references/search-guide.md:54-59 references/search-guide.md:59-61 references/search-guide.md:61-63 references/search-guide.md:63-70 references/search-guide.md:70-72 references/search-guide.md:72-74 references/search-guide.md:74-94 references/search-guide.md:94-104 references/search-guide.md:104-115 references/search-guide.md:115-116 references/search-guide.md:116-145 references/search-guide.md:145-147 references/search-guide.md:147-158 references/search-guide.md:158-161 references/search-guide.md:161-173 references/search-guide.md:173-176 references/search-guide.md:176-187 references/search-guide.md:187-191 references/search-guide.md:191-222 references/search-guide.md:222-230 references/search-guide.md:230-236 references/search-guide.md:236-241 references/search-guide.md:241-249 SKILL.md:90-104 SKILL.md:104-136 SKILL.md:136-147 SKILL.md:147-178 SKILL.md:178-183 SKILL.md:183-187 SKILL.md:187-218 SKILL.md:218-259 SKILL.md:259-288 SKILL.md:288-294 SKILL.md:294-341 SKILL.md:341-405 SKILL.md:405-411 SKILL.md:411-481 SKILL.md:481-486 SKILL.md:486-508 SKILL.md:508-513 SKILL.md:513-552 SKILL.md:552-617 SKILL.md:617-638 SKILL.md:638-642 SKILL.md:642-645 SKILL.md:645-648 SKILL.md:648-651 SKILL.md:651-653 SKILL.md:653-677 SKILL.md:677-682 SKILL.md:682-686 SKILL.md:686-689 SKILL.md:689-709

Detected Patterns

Ruby/shell backtick executionWeak cryptographic algorithm[HEURISTIC] High file entropy (6.91 bits) - possible binary/encrypted content[HEURISTIC] High file entropy (6.31 bits) - possible binary/encrypted content[HEURISTIC] High file entropy (6.96 bits) - possible binary/encrypted content[HEURISTIC] High file entropy (7.33 bits) - possible binary/encrypted content

Audit version 1

Safe

Jan 10, 2026, 08:40 AM

This is a pure prompt-based skill with no code execution capabilities. It guides AI behavior for Chinese language learning assistance. The skill instructs AI to use web search for finding real-world expression examples, which is legitimate educational use. No filesystem access, network code, or external commands are present.

4
Files scanned
1,514
Lines analyzed
0
findings
claude
Audited by
No security issues found