
Audit History

diffdock - 4 audits

Audit version 4

Latest Safe

Jan 17, 2026, 06:46 AM

The static analysis flagged 295 potential issues, but ALL are FALSE POSITIVES. The scanner incorrectly identified scientific protein sequences (GFP containing 'SAM') as Windows SAM database references, scientific paper citations as weak cryptographic algorithms, standard Python loops as C2 beacon patterns, and markdown code block syntax as shell execution. This is a legitimate molecular docking research tool with no malicious intent or security vulnerabilities.

Files scanned: 10
Lines analyzed: 2,493
Findings: 4
Audited by: claude
No security issues found

Audit version 3

Safe

Jan 17, 2026, 06:46 AM

The static analysis flagged 295 potential issues, but ALL are FALSE POSITIVES. The scanner incorrectly identified scientific protein sequences (GFP containing 'SAM') as Windows SAM database references, scientific paper citations as weak cryptographic algorithms, standard Python loops as C2 beacon patterns, and markdown code block syntax as shell execution. This is a legitimate molecular docking research tool with no malicious intent or security vulnerabilities.

Files scanned: 10
Lines analyzed: 2,493
Findings: 4
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 12, 2026, 04:19 PM

The static analysis flagged numerous false positives from documentation files containing bash command examples. No actual security vulnerabilities were found in the executable code. The skill is a legitimate scientific tool for molecular docking research.

Files scanned: 9
Lines analyzed: 2,188
Findings: 4
Audited by: claude
No security issues found

Audit version 1

Low Risk

Jan 4, 2026, 05:11 PM

The skill includes local helper scripts that read and write user-specified files for validation and reporting. No network access, credential harvesting, or command execution was found. This is a legitimate scientific tool wrapper.

Files scanned: 11
Lines analyzed: 2,440
Findings: 3
Audited by: claude
Low Risk Issues (1)
Reads and writes user-specified files
The scripts read local result files and write CSV summaries, for example `with open(confidence_file) as f:` and `with open(output_path, 'w', newline='') as f:`. This is expected for validation and reporting, but it means the skill can access any file path a user provides, which could expose sensitive data if misused.