📦

审计历史

next-js-better-auth-integration - 6 审计

审计版本 6

最新 安全

Jun 28, 2026, 03:55 AM

Reviewed the three static findings in SKILL.md and found no confirmed malicious or unsafe behavior. The flagged lines are descriptive authentication guidance, not executable code, credential access, weak cryptography, or network reconnaissance. No prompt injection attempt or data exfiltration intent was found.

1
已扫描文件
170
分析行数
0
复核项
3
已忽略误报
已忽略静态误报 (3)

这些静态命中已被语义复核判定为误报,或只命中了 schema 定义里的词;这里保留展示用于透明度,但不影响质量评分。

False Positive: Secure Cookie Guidance
The static analyzer flagged browser credential files at SKILL.md:142. The line recommends secure, HTTP-only cookies for sessions, which is defensive authentication guidance and does not access browser credential files.
The line contains a secure cookie recommendation only. No filesystem path, browser profile access, or credential extraction behavior appears in the skill.
False Positive: Weak Cryptographic Algorithm
The static analyzer flagged weak cryptography at SKILL.md:7. The line is frontmatter description text for a conceptual Better Auth integration skill and does not name or configure a cryptographic algorithm.
The flagged line is plain metadata text. There is no MD5, SHA-1, DES, or other weak algorithm configuration at that location.
False Positive: Network Reconnaissance
The static analyzer flagged network reconnaissance at SKILL.md:122. The line advises using server components for server-side session access and does not describe port scanning, probing, or network enumeration.
The surrounding context is App Router integration guidance. No command, endpoint list, scanner, or reconnaissance workflow is present.
未发现安全问题
审计者: codex

审计版本 5

安全

Jan 16, 2026, 03:46 PM

This is a documentation-only skill containing only conceptual guidance for authentication implementation. All static findings are false positives triggered by security-related keywords in documentation text. No executable code, network calls, or file system access exists in this skill.

2
已扫描文件
347
分析行数
0
复核项
0
已忽略误报
未发现安全问题
审计者: claude

审计版本 4

安全

Jan 16, 2026, 03:46 PM

This is a documentation-only skill containing only conceptual guidance for authentication implementation. All static findings are false positives triggered by security-related keywords in documentation text. No executable code, network calls, or file system access exists in this skill.

2
已扫描文件
347
分析行数
0
复核项
0
已忽略误报
未发现安全问题
审计者: claude

审计版本 3

安全

Jan 10, 2026, 09:50 AM

Pure documentation skill containing only SKILL.md. No executable code, scripts, network calls, or file system access. This is a conceptual guide for authentication implementation patterns.

1
已扫描文件
170
分析行数
0
复核项
0
已忽略误报
未发现安全问题
审计者: claude

审计版本 2

安全

Jan 10, 2026, 09:50 AM

Pure documentation skill containing only SKILL.md. No executable code, scripts, network calls, or file system access. This is a conceptual guide for authentication implementation patterns.

1
已扫描文件
170
分析行数
0
复核项
0
已忽略误报
未发现安全问题
审计者: claude

审计版本 1

安全

Jan 10, 2026, 09:50 AM

Pure documentation skill containing only SKILL.md. No executable code, scripts, network calls, or file system access. This is a conceptual guide for authentication implementation patterns.

1
已扫描文件
170
分析行数
0
复核项
0
已忽略误报
未发现安全问题
审计者: claude