
Audit history

reasoning-analogical - 6 audits

Audit version 6

Latest, Safe

Jun 28, 2026, 03:03 PM

Static analysis reported external command, weak cryptography, and reconnaissance patterns, but review found no executable code or malicious behavior. The hits are false positives from Markdown code fences, sample YAML, type-signature notation, and ordinary prose in SKILL.md.

Files scanned: 1
Lines analyzed: 375
Findings: 3
Auditor: codex

Low-risk issues (3)
False Positive: Markdown Fences Flagged as External Commands
The static analyzer interpreted Markdown backtick fences and example blocks as Ruby or shell execution. The referenced lines are documentation examples, not executable commands, and no command invocation is requested.
False Positive: Weak Cryptography Pattern Not Present
The static analyzer reported weak cryptographic algorithm indicators at prose locations. Line 3 is the skill description, and line 283 starts a documentation section about common reasoning failures; neither uses or recommends cryptography.
False Positive: Reconnaissance Pattern Not Present
The static analyzer reported system reconnaissance at line 49, but the line is a table row about success level in source selection. It does not request host, user, process, network, or environment discovery.

Audit version 5

Safe

Jan 16, 2026, 06:29 PM

This is a pure documentation skill containing only YAML frontmatter and markdown. No executable code, scripts, network calls, filesystem access, or environment variable reads exist. The static scanner flagged documentation patterns (backticks for markdown code blocks, 'hash' in metadata field names, 'query' in YAML examples) as false positives. All 41 findings are dismissed as non-security issues in documentation context.

Files scanned: 2
Lines analyzed: 552
Findings: 1
Auditor: claude

No security issues found

Audit version 4

Safe

Jan 16, 2026, 06:29 PM

This is a pure documentation skill containing only YAML frontmatter and markdown. No executable code, scripts, network calls, filesystem access, or environment variable reads exist. The static scanner flagged documentation patterns (backticks for markdown code blocks, 'hash' in metadata field names, 'query' in YAML examples) as false positives. All 41 findings are dismissed as non-security issues in documentation context.

Files scanned: 2
Lines analyzed: 552
Findings: 1
Auditor: claude

No security issues found

Audit version 3

Safe

Jan 10, 2026, 11:19 AM

This is a pure prompt-based skill consisting only of documentation and reasoning methodology. No executable code, scripts, network calls, filesystem access, or environment variable reads are present. The skill provides a structured framework for analogical reasoning in plain YAML/markdown format.

Files scanned: 1
Lines analyzed: 375
Findings: 0
Auditor: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 11:19 AM

This is a pure prompt-based skill consisting only of documentation and reasoning methodology. No executable code, scripts, network calls, filesystem access, or environment variable reads are present. The skill provides a structured framework for analogical reasoning in plain YAML/markdown format.

Files scanned: 1
Lines analyzed: 375
Findings: 0
Auditor: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 11:19 AM

This is a pure prompt-based skill consisting only of documentation and reasoning methodology. No executable code, scripts, network calls, filesystem access, or environment variable reads are present. The skill provides a structured framework for analogical reasoning in plain YAML/markdown format.

Files scanned: 1
Lines analyzed: 375
Findings: 0
Auditor: claude

No security issues found