技能 synthese-multi-llm 审计历史
📦

审计历史

synthese-multi-llm - 6 审计

审计版本 6

最新 中风险

Jun 28, 2026, 08:17 AM

Static analysis found many command, credential, network, filesystem, and hash patterns. Review confirms these are mostly intended multi-LLM orchestration features, not confirmed malicious behavior. The skill should publish with a medium-risk warning because it can send source text to model providers and persist audit data locally.

21
已扫描文件
8,591
分析行数
12
发现项
codex
审计者
中风险问题 (4)
scripts/synthese.py:1299-1318
External model commands execute with user prompts
The main workflow runs fixed model CLIs and passes the prompt as an argument. This reduces shell injection risk, but it still executes external tools and shares document content with them.
scripts/backends/cli_backend.py:147-159
Configurable CLI backend can run configured commands
The generic CLI backend builds a command from configuration and executes it with the inherited environment. This is useful for custom LLM tools but risky with untrusted configuration.
wrappers/claude_wrapper.sh:20-42wrappers/ollama_wrapper.sh:18-40
Model wrappers send prompts to configured services
The Claude wrapper sends prompts to the Anthropic API with an API key header, and the Ollama wrapper sends prompts to a configured host. This is intended behavior but can expose sensitive source text.
scripts/synthese.py:2671-2717
Audit trails and exports persist synthesis data locally
The workflow writes session trails and Markdown output to local files. This supports traceability, but users must manage stored source excerpts and model responses.
低风险问题 (3)
scripts/synthese.py:658-668scripts/synthese.py:1782-1786
Weak-crypto scanner matches are non-security identifiers
Reviewed hash usage is for cache keys and short session identifiers, not password storage, signatures, or encryption. The static weak-crypto labels are false positives in this context.
scripts/sanitize.py:25-43scripts/sanitize.py:176-202
Shell metacharacter and hex findings are sanitizer data
The flagged backticks, command substitutions, and hex escapes appear inside input sanitization constants and cleanup logic. They are detection targets, not executed payloads.
references/configuration.md:10-12
Prompt injection indicators were not found
Searches for override, skip-review, and fake authority language found configuration terms only. No evidence found of instructions that try to override the audit process.

风险因素

⚙️ 外部命令 (4)
scripts/synthese.py:1229-1233 scripts/synthese.py:1317-1322 scripts/backends/cli_backend.py:147-159 wrappers/claude_wrapper.sh:37-40
🔑 环境变量 (4)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/anthropic_backend.py:314-320 wrappers/claude_wrapper.sh:22-24 wrappers/claude_wrapper.sh:40-42
🌐 网络访问 (4)
wrappers/claude_wrapper.sh:20 wrappers/claude_wrapper.sh:39-46 wrappers/ollama_wrapper.sh:18-20 wrappers/ollama_wrapper.sh:39-45
📁 文件系统访问 (3)
scripts/config.py:205-207 scripts/synthese.py:2671-2681 scripts/synthese.py:2700-2717
⚡ 包含脚本 (3)
scripts/synthese.py:1-24 scripts/backends/__init__.py:22-41 scripts/backends/cli_backend.py:1-18

检测到的模式

Python subprocess executionAsync configurable subprocess executionAPI key environment accessNetwork requests from shell wrappers

审计版本 5

低风险

Jan 16, 2026, 03:20 PM

This is a legitimate multi-LLM orchestration tool for text summarization. The static analyzer's 588 findings are overwhelmingly false positives. The 'weak cryptographic algorithm' findings are markdown documentation being misidentified. 'Shell backtick execution' findings are markdown code formatting. 'API/secret keys' findings are proper environment variable access patterns. The critical heuristics are triggered by legitimate subprocess execution for CLI model calls and API interactions with proper credential handling. No evidence of malicious intent, data exfiltration, or harmful patterns found.

22
已扫描文件
9,013
分析行数
4
发现项
claude
审计者
未发现安全问题

风险因素

⚙️ 外部命令 (2)
scripts/synthese.py:1229-1242 scripts/synthese.py:1299-1320
🌐 网络访问 (1)
scripts/synthese.py:836-848
📁 文件系统访问 (1)
scripts/synthese.py:708-720
🔑 环境变量 (1)
scripts/backends/anthropic_backend.py:106-108

审计版本 4

低风险

Jan 16, 2026, 03:20 PM

This is a legitimate multi-LLM orchestration tool for text summarization. The static analyzer's 588 findings are overwhelmingly false positives. The 'weak cryptographic algorithm' findings are markdown documentation being misidentified. 'Shell backtick execution' findings are markdown code formatting. 'API/secret keys' findings are proper environment variable access patterns. The critical heuristics are triggered by legitimate subprocess execution for CLI model calls and API interactions with proper credential handling. No evidence of malicious intent, data exfiltration, or harmful patterns found.

22
已扫描文件
9,013
分析行数
4
发现项
claude
审计者
未发现安全问题

风险因素

⚙️ 外部命令 (2)
scripts/synthese.py:1229-1242 scripts/synthese.py:1299-1320
🌐 网络访问 (1)
scripts/synthese.py:836-848
📁 文件系统访问 (1)
scripts/synthese.py:708-720
🔑 环境变量 (1)
scripts/backends/anthropic_backend.py:106-108

审计版本 3

低风险

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

14
已扫描文件
4,642
分析行数
7
发现项
claude
审计者
低风险问题 (2)
scripts/synthese.py:70
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
wrappers/claude_wrapper.sh:40-50
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

风险因素

⚡ 包含脚本 (3)
scripts/synthese.py:1-1500 scripts/config.py:1-534 scripts/retry.py:1-611
🌐 网络访问 (3)
scripts/backends/anthropic_backend.py:1-321 wrappers/claude_wrapper.sh:20-50 wrappers/ollama_wrapper.sh:40-46
📁 文件系统访问 (2)
scripts/config.py:175-177 scripts/synthese.py:634-724
🔑 环境变量 (2)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/cli_backend.py:151-152
⚙️ 外部命令 (2)
scripts/synthese.py:64-89 scripts/backends/cli_backend.py:127-224

审计版本 2

低风险

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

14
已扫描文件
4,642
分析行数
7
发现项
claude
审计者
低风险问题 (2)
scripts/synthese.py:70
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
wrappers/claude_wrapper.sh:40-50
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

风险因素

⚡ 包含脚本 (3)
scripts/synthese.py:1-1500 scripts/config.py:1-534 scripts/retry.py:1-611
🌐 网络访问 (3)
scripts/backends/anthropic_backend.py:1-321 wrappers/claude_wrapper.sh:20-50 wrappers/ollama_wrapper.sh:40-46
📁 文件系统访问 (2)
scripts/config.py:175-177 scripts/synthese.py:634-724
🔑 环境变量 (2)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/cli_backend.py:151-152
⚙️ 外部命令 (2)
scripts/synthese.py:64-89 scripts/backends/cli_backend.py:127-224

审计版本 1

低风险

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

14
已扫描文件
4,642
分析行数
7
发现项
claude
审计者
低风险问题 (2)
scripts/synthese.py:70
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
wrappers/claude_wrapper.sh:40-50
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

风险因素

⚡ 包含脚本 (3)
scripts/synthese.py:1-1500 scripts/config.py:1-534 scripts/retry.py:1-611
🌐 网络访问 (3)
scripts/backends/anthropic_backend.py:1-321 wrappers/claude_wrapper.sh:20-50 wrappers/ollama_wrapper.sh:40-46
📁 文件系统访问 (2)
scripts/config.py:175-177 scripts/synthese.py:634-724
🔑 环境变量 (2)
scripts/backends/anthropic_backend.py:106-108 scripts/backends/cli_backend.py:151-152
⚙️ 外部命令 (2)
scripts/synthese.py:64-89 scripts/backends/cli_backend.py:127-224
← 返回技能