Audit History - forensics-osquery

Audit version 5

Latest Safe

Jan 16, 2026, 03:40 PM

All 810 static findings are FALSE POSITIVES. This is a legitimate DFIR (Digital Forensics and Incident Response) skill using osquery SQL queries to detect malicious activity. The scanner detected detection queries for credential access, PowerShell commands, and suspicious processes - but these are intentionally designed to identify indicators of compromise, not perform malicious actions. Skill includes MITRE ATT&CK mapping and forensic packs for incident response.

11

Files scanned

3,116

Lines analyzed

3

findings

claude

Audited by

No security issues found

Risk Factors

⚙️ External commands (2)

assets/forensic-packs/credential-access.conf:91-95 SKILL.md:340

📁 Filesystem access (2)

assets/forensic-packs/credential-access.conf:86 assets/forensic-packs/lateral-movement.conf:54-60

🌐 Network access (2)

assets/forensic-packs/ir-triage.conf:39-44 assets/osquery.conf:53-58

Audit version 4

Safe

Jan 16, 2026, 03:40 PM

All 810 static findings are FALSE POSITIVES. This is a legitimate DFIR (Digital Forensics and Incident Response) skill using osquery SQL queries to detect malicious activity. The scanner detected detection queries for credential access, PowerShell commands, and suspicious processes - but these are intentionally designed to identify indicators of compromise, not perform malicious actions. Skill includes MITRE ATT&CK mapping and forensic packs for incident response.

11

Files scanned

3,116

Lines analyzed

3

findings

claude

Audited by

No security issues found

Risk Factors

⚙️ External commands (2)

assets/forensic-packs/credential-access.conf:91-95 SKILL.md:340

📁 Filesystem access (2)

assets/forensic-packs/credential-access.conf:86 assets/forensic-packs/lateral-movement.conf:54-60

🌐 Network access (2)

assets/forensic-packs/ir-triage.conf:39-44 assets/osquery.conf:53-58

Audit version 3

Safe

Jan 10, 2026, 10:33 AM

Pure documentation and configuration skill. Contains SQL query examples and osquery configuration templates for forensic investigation. No executable code, scripts, or network communication capabilities detected.

10

Files scanned

2,870

Lines analyzed

0

findings

claude

Audited by

No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:33 AM

Pure documentation and configuration skill. Contains SQL query examples and osquery configuration templates for forensic investigation. No executable code, scripts, or network communication capabilities detected.

10

Files scanned

2,870

Lines analyzed

0

findings

claude

Audited by

No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:33 AM

Pure documentation and configuration skill. Contains SQL query examples and osquery configuration templates for forensic investigation. No executable code, scripts, or network communication capabilities detected.

10

Files scanned

2,870

Lines analyzed

0

findings

claude

Audited by

No security issues found