Audit History
matplotlib - 4 audits
Audit version 4
Latest SafeJan 17, 2026, 06:27 AM
All 552 static findings are FALSE POSITIVES. The 'Ruby/shell backtick execution' (494 locations) are Python code examples in markdown documentation. 'Weak cryptographic algorithm' flags are metadata hashes and configuration access. 'C2 keywords' is 'claude' model identifier in metadata. 'System reconnaissance' is matplotlib querying available styles. 'Certificate/key files' is style configuration file writing. No malicious code execution, credential exfiltration, or network abuse detected.
Risk Factors
⚙️ External commands (5)
🌐 Network access (1)
📁 Filesystem access (1)
Audit version 3
SafeJan 17, 2026, 06:27 AM
All 552 static findings are FALSE POSITIVES. The 'Ruby/shell backtick execution' (494 locations) are Python code examples in markdown documentation. 'Weak cryptographic algorithm' flags are metadata hashes and configuration access. 'C2 keywords' is 'claude' model identifier in metadata. 'System reconnaissance' is matplotlib querying available styles. 'Certificate/key files' is style configuration file writing. No malicious code execution, credential exfiltration, or network abuse detected.
Risk Factors
⚙️ External commands (5)
🌐 Network access (1)
📁 Filesystem access (1)
Audit version 2
SafeJan 12, 2026, 05:10 PM
This matplotlib skill contains documentation and helper scripts for data visualization. The static analysis flagged numerous false positives - the 'weak cryptographic algorithm' findings are dictionary operations, and 'external_commands' are Python code examples in markdown. No actual security risks detected.
Risk Factors
⚙️ External commands
🌐 Network access (1)
📁 Filesystem access (1)
Audit version 1
SafeJan 4, 2026, 05:06 PM
No credential access, environment harvesting, or network exfiltration patterns were found. Scripts focus on local plotting and optional file output only.