技能 design-system-starter 审计历史
📦

审计历史

design-system-starter - 6 审计

审计版本 6

最新 低风险

Jun 28, 2026, 09:47 AM

Static analysis reported many high-risk patterns, but context review found documentation examples, Markdown code fences, relative imports, design token color values, and public reference URLs. No malicious intent, credential access, command execution, data exfiltration, or prompt injection evidence was found. The only notable behavior is a benign example that stores a theme preference in localStorage.

5
已扫描文件
2,557
分析行数
5
发现项
codex
审计者
低风险问题 (5)
SKILL.md:25-28references/component-examples.md:7-76checklists/design-system-checklist.md:202templates/component-template.tsx:7-11
False Positive: Markdown Code Fences Flagged as Commands
The external command findings are Markdown fenced code blocks, inline file references, and TypeScript examples. No shell execution primitive, subprocess call, or command construction was found in the reviewed context.
references/component-examples.md:13templates/component-template.tsx:15
False Positive: Relative Imports Flagged as Path Traversal
The filesystem findings are static React import examples using a relative utility path. They do not read user-controlled paths, write files, or traverse the host filesystem at runtime.
references/component-examples.md:478-487
Benign Browser Storage Example
The browser storage finding stores and reads only a light or dark theme preference. No credential, token, personal data, or network transfer is associated with this example.
templates/design-tokens-template.json:2SKILL.md:473
False Positive: Public Documentation URLs Flagged as Network Risk
The network findings are a design token schema URL and a link to a public contrast checker. They are references in data or documentation, not runtime calls that send data externally.
templates/design-tokens-template.json:180templates/design-tokens-template.json:251-274templates/component-template.tsx:128-133SKILL.md:327-344
False Positive: Color Tokens and Keyboard Examples Flagged as Sensitive or Malicious
Weak cryptography, C2 keyword, and key-file findings map to design token names, hex colors, size labels, and keyboard event examples. No cryptographic implementation, certificate material, malware command channel, or secret file content was found.

审计版本 5

安全

Jan 16, 2026, 04:30 PM

This is a pure documentation skill containing design system guidance, JSON token schemas, TypeScript component templates, and accessibility checklists. The static analyzer generated false positives by misinterpreting markdown code fences as shell backticks, JSON keys as cryptographic algorithms, and documentation patterns as reconnaissance. All findings are dismissed as false positives.

6
已扫描文件
2,777
分析行数
3
发现项
claude
审计者
未发现安全问题

风险因素

⚙️ 外部命令 (71)
checklists/design-system-checklist.md:202 references/component-examples.md:7-72 references/component-examples.md:72-76 references/component-examples.md:76-122 references/component-examples.md:122-126 references/component-examples.md:126-192 references/component-examples.md:192-196 references/component-examples.md:196-251 references/component-examples.md:251-255 references/component-examples.md:255-356 references/component-examples.md:356-360 references/component-examples.md:360-416 references/component-examples.md:416-420 references/component-examples.md:420-461 references/component-examples.md:461-465 references/component-examples.md:465-493 references/component-examples.md:493-500 references/component-examples.md:500-504 references/component-examples.md:504-578 SKILL.md:25 SKILL.md:26 SKILL.md:27 SKILL.md:28 SKILL.md:75-95 SKILL.md:95-98 SKILL.md:98-128 SKILL.md:128-137 SKILL.md:137-175 SKILL.md:175-181 SKILL.md:181-199 SKILL.md:199-202 SKILL.md:202-216 SKILL.md:216-220 SKILL.md:220-233 SKILL.md:233-237 SKILL.md:237-248 SKILL.md:248-270 SKILL.md:270-279 SKILL.md:279-281 SKILL.md:281-292 SKILL.md:292-301 SKILL.md:301-303 SKILL.md:303-332 SKILL.md:332-340 SKILL.md:340-343 SKILL.md:343-357 SKILL.md:357-360 SKILL.md:360-378 SKILL.md:378-382 SKILL.md:382-385 SKILL.md:385-387 SKILL.md:387-395 SKILL.md:395-428 SKILL.md:428-433 SKILL.md:433-443 SKILL.md:443-446 SKILL.md:446-450 SKILL.md:450-453 SKILL.md:453-460 SKILL.md:460-476 SKILL.md:476-491 SKILL.md:491-495 SKILL.md:495-496 SKILL.md:496-497 SKILL.md:497-498 SKILL.md:498-501 SKILL.md:501 SKILL.md:501 SKILL.md:501-505 SKILL.md:505-523 templates/component-template.tsx:7-11
📁 文件系统访问 (2)
references/component-examples.md:13 templates/component-template.tsx:15
🌐 网络访问 (2)
SKILL.md:473 templates/design-tokens-template.json:2

审计版本 4

安全

Jan 16, 2026, 04:30 PM

This is a pure documentation skill containing design system guidance, JSON token schemas, TypeScript component templates, and accessibility checklists. The static analyzer generated false positives by misinterpreting markdown code fences as shell backticks, JSON keys as cryptographic algorithms, and documentation patterns as reconnaissance. All findings are dismissed as false positives.

6
已扫描文件
2,777
分析行数
3
发现项
claude
审计者
未发现安全问题

风险因素

⚙️ 外部命令 (71)
checklists/design-system-checklist.md:202 references/component-examples.md:7-72 references/component-examples.md:72-76 references/component-examples.md:76-122 references/component-examples.md:122-126 references/component-examples.md:126-192 references/component-examples.md:192-196 references/component-examples.md:196-251 references/component-examples.md:251-255 references/component-examples.md:255-356 references/component-examples.md:356-360 references/component-examples.md:360-416 references/component-examples.md:416-420 references/component-examples.md:420-461 references/component-examples.md:461-465 references/component-examples.md:465-493 references/component-examples.md:493-500 references/component-examples.md:500-504 references/component-examples.md:504-578 SKILL.md:25 SKILL.md:26 SKILL.md:27 SKILL.md:28 SKILL.md:75-95 SKILL.md:95-98 SKILL.md:98-128 SKILL.md:128-137 SKILL.md:137-175 SKILL.md:175-181 SKILL.md:181-199 SKILL.md:199-202 SKILL.md:202-216 SKILL.md:216-220 SKILL.md:220-233 SKILL.md:233-237 SKILL.md:237-248 SKILL.md:248-270 SKILL.md:270-279 SKILL.md:279-281 SKILL.md:281-292 SKILL.md:292-301 SKILL.md:301-303 SKILL.md:303-332 SKILL.md:332-340 SKILL.md:340-343 SKILL.md:343-357 SKILL.md:357-360 SKILL.md:360-378 SKILL.md:378-382 SKILL.md:382-385 SKILL.md:385-387 SKILL.md:387-395 SKILL.md:395-428 SKILL.md:428-433 SKILL.md:433-443 SKILL.md:443-446 SKILL.md:446-450 SKILL.md:450-453 SKILL.md:453-460 SKILL.md:460-476 SKILL.md:476-491 SKILL.md:491-495 SKILL.md:495-496 SKILL.md:496-497 SKILL.md:497-498 SKILL.md:498-501 SKILL.md:501 SKILL.md:501 SKILL.md:501-505 SKILL.md:505-523 templates/component-template.tsx:7-11
📁 文件系统访问 (2)
references/component-examples.md:13 templates/component-template.tsx:15
🌐 网络访问 (2)
SKILL.md:473 templates/design-tokens-template.json:2

审计版本 3

安全

Jan 10, 2026, 10:33 AM

This is a pure documentation and template skill with no executable code, network calls, or file system access. It contains only design system guidance, JSON token schemas, TypeScript component templates, and accessibility checklists.

5
已扫描文件
2,557
分析行数
0
发现项
claude
审计者
未发现安全问题

审计版本 2

安全

Jan 10, 2026, 10:33 AM

This is a pure documentation and template skill with no executable code, network calls, or file system access. It contains only design system guidance, JSON token schemas, TypeScript component templates, and accessibility checklists.

5
已扫描文件
2,557
分析行数
0
发现项
claude
审计者
未发现安全问题

审计版本 1

安全

Jan 10, 2026, 10:33 AM

This is a pure documentation and template skill with no executable code, network calls, or file system access. It contains only design system guidance, JSON token schemas, TypeScript component templates, and accessibility checklists.

5
已扫描文件
2,557
分析行数
0
发现项
claude
审计者
未发现安全问题
← 返回技能