Skills devflow-constitution-quick-ref Audit History
📦

Audit History

devflow-constitution-quick-ref - 6 audits

Audit version 6

Latest Safe

Jan 21, 2026, 05:56 PM

Pure documentation skill containing only markdown reference material for CC-DevFlow Constitution. Static scanner detected patterns in markdown code examples as security risks, but all findings are false positives. The skill has no executable code, network calls, or file system operations. All 58 static findings were evaluated and dismissed as documentation artifacts.

2
Files scanned
990
Lines analyzed
0
findings
claude
Audited by
No security issues found

Audit version 5

Medium Risk

Jan 17, 2026, 04:33 AM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
Files scanned
550
Lines analyzed
4
findings
claude
Audited by
No security issues found

Risk Factors

🌐 Network access (1)
skill-report.json:6
📁 Filesystem access (1)
skill-report.json:6
⚙️ External commands (31)
SKILL.md:11 SKILL.md:37-41 SKILL.md:41-43 SKILL.md:43-63 SKILL.md:63-67 SKILL.md:67-69 SKILL.md:69-90 SKILL.md:90-93 SKILL.md:93-95 SKILL.md:95-115 SKILL.md:115-119 SKILL.md:119-121 SKILL.md:121-141 SKILL.md:141-145 SKILL.md:145-147 SKILL.md:147-159 SKILL.md:159-167 SKILL.md:167-174 SKILL.md:174-176 SKILL.md:176-196 SKILL.md:196-200 SKILL.md:200-202 SKILL.md:202-222 SKILL.md:222-226 SKILL.md:226-228 SKILL.md:228-249 SKILL.md:249-254 SKILL.md:254-256 SKILL.md:256-277 SKILL.md:277-280 SKILL.md:280-282
🔑 Env variables (3)
SKILL.md:346 SKILL.md:91 SKILL.md:343

Detected Patterns

Hardcoded URLHidden file accessWeak cryptographic algorithmRuby/shell backtick executiondotenv libraryGeneric API/secret keysEnvironment file accessSystem reconnaissance[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 4

Medium Risk

Jan 17, 2026, 04:33 AM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
Files scanned
550
Lines analyzed
4
findings
claude
Audited by
No security issues found

Risk Factors

🌐 Network access (1)
skill-report.json:6
📁 Filesystem access (1)
skill-report.json:6
⚙️ External commands (31)
SKILL.md:11 SKILL.md:37-41 SKILL.md:41-43 SKILL.md:43-63 SKILL.md:63-67 SKILL.md:67-69 SKILL.md:69-90 SKILL.md:90-93 SKILL.md:93-95 SKILL.md:95-115 SKILL.md:115-119 SKILL.md:119-121 SKILL.md:121-141 SKILL.md:141-145 SKILL.md:145-147 SKILL.md:147-159 SKILL.md:159-167 SKILL.md:167-174 SKILL.md:174-176 SKILL.md:176-196 SKILL.md:196-200 SKILL.md:200-202 SKILL.md:202-222 SKILL.md:222-226 SKILL.md:226-228 SKILL.md:228-249 SKILL.md:249-254 SKILL.md:254-256 SKILL.md:256-277 SKILL.md:277-280 SKILL.md:280-282
🔑 Env variables (3)
SKILL.md:346 SKILL.md:91 SKILL.md:343

Detected Patterns

Hardcoded URLHidden file accessWeak cryptographic algorithmRuby/shell backtick executiondotenv libraryGeneric API/secret keysEnvironment file accessSystem reconnaissance[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 3

Safe

Jan 10, 2026, 02:06 PM

Pure documentation skill containing only markdown reference content. No executable code, no network operations, no file system modifications, and no external command execution. This is a read-only knowledge base for CC-DevFlow constitution rules.

1
Files scanned
375
Lines analyzed
0
findings
claude
Audited by
No security issues found

Audit version 2

Safe

Jan 10, 2026, 02:06 PM

Pure documentation skill containing only markdown reference content. No executable code, no network operations, no file system modifications, and no external command execution. This is a read-only knowledge base for CC-DevFlow constitution rules.

1
Files scanned
375
Lines analyzed
0
findings
claude
Audited by
No security issues found

Audit version 1

Safe

Jan 10, 2026, 02:06 PM

Pure documentation skill containing only markdown reference content. No executable code, no network operations, no file system modifications, and no external command execution. This is a read-only knowledge base for CC-DevFlow constitution rules.

1
Files scanned
375
Lines analyzed
0
findings
claude
Audited by
No security issues found
← Back to Skill