Audit History
code-analysis - 6 audits
Audit version 6
Latest | Low Risk | Jun 28, 2026, 04:09 AM
The static weak cryptography findings are false positives caused by readability terms such as token, serialize, and hash-related wording, not cryptographic operations. The Markdown backtick findings are also false positives from fenced examples and documented CLI usage. The skill is safe to publish with a low warning because it runs a local script that reads user-selected files and may print code snippets.
Low Risk Issues (4)
Risk Factors
⚡ Contains scripts (2)
📁 Filesystem access (1)
⚙️ External commands (1)
Detected Patterns
Audit version 5
Low Risk | Jan 16, 2026, 02:43 PM
This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.
Risk Factors
📁 Filesystem access (1)
Audit version 4
Low Risk | Jan 16, 2026, 02:43 PM
This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.
Risk Factors
📁 Filesystem access (1)
Audit version 3
Low Risk | Jan 10, 2026, 09:51 AM
This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.
Risk Factors
📁 Filesystem access (1)
Audit version 2
Low Risk | Jan 10, 2026, 09:51 AM
This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.
Risk Factors
📁 Filesystem access (1)
Audit version 1
Low Risk | Jan 10, 2026, 09:51 AM
This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.