Audit History
pufferlib - 4 audits
Audit version 4
Latest - Safe - Jan 17, 2026, 07:44 AM
All 331 static findings are FALSE POSITIVES. This is a legitimate open-source reinforcement learning library. The static analyzer incorrectly flagged bash command examples in markdown documentation (SKILL.md, references/*.md) as dangerous backtick execution. No actual command injection, credential exfiltration, or malicious patterns exist in the codebase. Verified via grep - no hashlib, subprocess, or actual dangerous execution patterns found.
Risk Factors
Audit version 3
Safe - Jan 17, 2026, 07:44 AM
All 331 static findings are FALSE POSITIVES. This is a legitimate open-source reinforcement learning library. The static analyzer incorrectly flagged bash command examples in markdown documentation (SKILL.md, references/*.md) as dangerous backtick execution. No actual command injection, credential exfiltration, or malicious patterns exist in the codebase. Verified via grep - no hashlib, subprocess, or actual dangerous execution patterns found.
Risk Factors
Audit version 2
Safe - Jan 12, 2026, 04:49 PM
All 316 static findings are false positives. The analyzer flagged documentation patterns (code examples, CLI commands, troubleshooting tips) as security issues. The actual Python code contains only standard reinforcement learning training patterns with no malicious behavior.
Risk Factors
⚙️ External commands (251)
📁 Filesystem access (1)
🌐 Network access (2)
Audit version 1
Safe - Jan 4, 2026, 04:24 PM
This skill contains documentation and template scripts for reinforcement learning. No credential harvesting, data exfiltration, code obfuscation, or malicious patterns were found. All capabilities (training loops, checkpointing, logging) are standard ML operations that align with the stated RL training purpose.