
Audit History

code-analysis - 6 audits

Audit version 6

Low Risk (latest)

Jun 28, 2026, 04:09 AM

The static weak cryptography findings are false positives caused by readability terms such as token, serialize, and hash-related wording, not cryptographic operations. The Markdown backtick findings are also false positives from fenced examples and documented CLI usage. The skill is safe to publish with a low warning because it runs a local script that reads user-selected files and may print code snippets.

Files scanned: 2
Lines analyzed: 736
Findings: 7
Audited by: codex
Low Risk Issues (4)
Local File Read Requires User Care
The analyzer accepts a user-provided --path value, checks that the path exists, and reads the file contents for analysis. This is expected for a readability tool, but users should avoid scanning files that contain secrets or sensitive source because snippets can be included in output.
Weak Cryptography Static Findings Are False Positives
The flagged locations use words such as token, serialize, JSON, and descriptions for readability issues. No evidence found of weak hashing, encryption, or cryptographic APIs in the scanned files.
Markdown Backtick Static Findings Are False Positives
The SKILL.md findings are Markdown fenced examples and documented usage for running the local analyzer. They are not Ruby shell backticks and do not create hidden command execution.
System Reconnaissance Static Finding Is False Positive
The line flagged for system reconnaissance resets an internal counter after reporting a readability issue. No evidence found of host enumeration, system probing, or environment collection.

Risk Factors

⚡ Contains scripts (2)
📁 Filesystem access (1)
⚙️ External commands (1)

Detected Patterns

User-Selected Local File Reading

Audit version 5

Low Risk

Jan 16, 2026, 02:43 PM

This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.

Files scanned: 3
Lines analyzed: 929
Findings: 1
Audited by: claude
No security issues found

Risk Factors

📁 Filesystem access (1)

Audit version 4

Low Risk

Jan 16, 2026, 02:43 PM

This is a legitimate code readability analyzer with no security concerns. All 44 static findings are FALSE POSITIVES. The 'Weak cryptographic algorithm' patterns are misidentified regex patterns for code analysis (analyzing variable names like 'usr_tkn', 'tmp', 'idx'). The 'Ruby/shell backtick execution' patterns are documentation code fences (markdown syntax), not actual shell commands. The 'C2 keywords' finding references 'webhook' as a technical term in a jargon list, not command-and-control infrastructure. The skill only reads user-specified files via command-line arguments, uses standard Python libraries (argparse, os, re, json, pathlib), and makes zero network requests. Capabilities match the stated purpose: analyzing code readability for non-developers.

Files scanned: 3
Lines analyzed: 929
Findings: 1
Audited by: claude
No security issues found

Risk Factors

📁 Filesystem access (1)

Audit version 3

Low Risk

Jan 10, 2026, 09:51 AM

This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.

Files scanned: 2
Lines analyzed: 736
Findings: 1
Audited by: claude
No security issues found

Risk Factors

📁 Filesystem access (1)

Audit version 2

Low Risk

Jan 10, 2026, 09:51 AM

This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.

Files scanned: 2
Lines analyzed: 736
Findings: 1
Audited by: claude
No security issues found

Risk Factors

📁 Filesystem access (1)

Audit version 1

Low Risk

Jan 10, 2026, 09:51 AM

This is a straightforward code readability analyzer with minimal risk. It only reads files specified by the user via command-line arguments, uses standard Python libraries for parsing, and makes no network requests. The capabilities match its stated purpose of checking code accessibility.

Files scanned: 2
Lines analyzed: 736
Findings: 1
Audited by: claude
No security issues found

Risk Factors

📁 Filesystem access (1)