Skill p2p-networking: audit history

Audit history

p2p-networking - 6 audits

Audit version 6

Latest: Medium risk

Jun 28, 2026, 04:44 AM

The static external command, obfuscation, weak crypto, sensitive file, and reconnaissance findings are false positives caused by markdown fences, diagrams, and domain terms. The skill is publishable, but it has medium inherent risk because it guides users to build inbound P2P networking, peer messaging, gossip, and repository synchronization with untrusted peers.

Files scanned: 1
Lines analyzed: 264
Review items: 5
Ignored false positives: 0

Capability review items (4)

These are real local capabilities that may be intended behavior for this skill; they require review but are not scored as confirmed malicious behavior.

Inbound P2P Networking Guidance
The skill provides Rust patterns for connecting to peers, broadcasting messages, gossiping data, synchronizing repository objects, and listening on 0.0.0.0:9000. This is legitimate for a P2P networking skill, but it increases exposure to untrusted network traffic if implemented without strict validation, rate limits, and authentication.
The networking behavior is explicit and central to the skill. The risk is contextual rather than malicious because the same file also recommends authentication, encryption, rate limiting, peer scoring, and message validation.

External Command Findings Are Markdown False Positives
The reported Ruby or shell backtick execution locations are markdown inline code spans or fenced Rust examples. No evidence found of executable shell commands, Ruby code, or command construction.
All cited locations are visible markdown formatting or static Rust snippets. There is no shell interpreter, process spawning API, or user-controlled command path.

Weak Cryptography Findings Are False Positives
The cited lines describe authenticated encrypted communication, the Noise protocol, and Ed25519 keypairs. No evidence found of MD5, SHA1, DES, RC4, ECB mode, or other weak cryptographic algorithms.
The visible cryptographic terms are modern authentication and encryption choices. The static hits appear to come from broad substring matching, not actual weak algorithm usage.

Obfuscation And Reconnaissance Findings Are False Positives
The bracket-chain and reconnaissance findings are caused by an ASCII network diagram and peer discovery terminology. No evidence found of prompt injection, hidden instructions, encoded payloads, system probing, credential access, or data exfiltration.
The suspicious structures are documentation artifacts and normal peer-networking identifiers. The file contains no directives that attempt to override the evaluator or conceal behavior.

Detected patterns

All-Interfaces Listener Example
Auditor: codex

Audit version 5

Safe

Jan 16, 2026, 03:31 PM

Pure documentation skill containing instructional content and Rust code templates for P2P networking patterns. Contains no executable code, no file system access, no network operations. Only architectural guidance for implementing decentralized networking using commonware primitives.

Files scanned: 2
Lines analyzed: 444
Review items: 2
Ignored false positives: 0
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 03:31 PM

Pure documentation skill containing instructional content and Rust code templates for P2P networking patterns. Contains no executable code, no file system access, no network operations. Only architectural guidance for implementing decentralized networking using commonware primitives.

Files scanned: 2
Lines analyzed: 444
Review items: 2
Ignored false positives: 0
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:52 AM

Pure documentation skill containing instructional content and Rust code templates for P2P networking patterns. No executable code, no file system access, no network operations. Contains only architectural guidance for implementing decentralized networking.

Files scanned: 1
Lines analyzed: 264
Review items: 0
Ignored false positives: 0
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:52 AM

Pure documentation skill containing instructional content and Rust code templates for P2P networking patterns. No executable code, no file system access, no network operations. Contains only architectural guidance for implementing decentralized networking.

Files scanned: 1
Lines analyzed: 264
Review items: 0
Ignored false positives: 0
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:52 AM

Pure documentation skill containing instructional content and Rust code templates for P2P networking patterns. No executable code, no file system access, no network operations. Contains only architectural guidance for implementing decentralized networking.

Files scanned: 1
Lines analyzed: 264
Review items: 0
Ignored false positives: 0
No security issues found
Auditor: claude