审计历史
chrome-extension-icons - 6 审计
审计版本 6
最新 中风险Jun 28, 2026, 04:23 PM
AI review did not confirm the static critical heuristic as malicious. Most backtick, weak-crypto, and hidden-file alerts are false positives from markdown fences, template literals, URLs, and the ~/.claude installation path. The real risk is medium because the skill runs a local Node script that downloads icons, reads SVG/config files, writes PNG files, and updates manifest.json paths.
中风险问题 (2)
低风险问题 (3)
风险因素
🌐 网络访问 (4)
📁 文件系统访问 (6)
🔑 环境变量 (1)
检测到的模式
审计版本 5
安全Jan 16, 2026, 08:13 PM
This skill is a legitimate icon generation tool for Chrome extensions. All detected patterns are false positives: documentation examples trigger command pattern detection, network requests are to the documented Iconify API, and filesystem operations are standard file writes to user-specified directories. No credential access, exfiltration, or malicious behavior present.
低风险问题 (2)
风险因素
🌐 网络访问 (1)
📁 文件系统访问 (1)
⚡ 包含脚本 (1)
审计版本 4
安全Jan 16, 2026, 08:13 PM
This skill is a legitimate icon generation tool for Chrome extensions. All detected patterns are false positives: documentation examples trigger command pattern detection, network requests are to the documented Iconify API, and filesystem operations are standard file writes to user-specified directories. No credential access, exfiltration, or malicious behavior present.
低风险问题 (2)
风险因素
🌐 网络访问 (1)
📁 文件系统访问 (1)
⚡ 包含脚本 (1)
审计版本 3
低风险Jan 10, 2026, 11:29 AM
This skill is a legitimate icon generation tool for Chrome extensions. It makes documented HTTPS requests to the Iconify API to search and download icons, converts SVG to PNG using the Sharp library, and updates manifest.json. All operations are confined to user-specified directories with no exfiltration or persistence mechanisms.
低风险问题 (2)
审计版本 2
低风险Jan 10, 2026, 11:29 AM
This skill is a legitimate icon generation tool for Chrome extensions. It makes documented HTTPS requests to the Iconify API to search and download icons, converts SVG to PNG using the Sharp library, and updates manifest.json. All operations are confined to user-specified directories with no exfiltration or persistence mechanisms.
低风险问题 (2)
审计版本 1
低风险Jan 10, 2026, 11:29 AM
This skill is a legitimate icon generation tool for Chrome extensions. It makes documented HTTPS requests to the Iconify API to search and download icons, converts SVG to PNG using the Sharp library, and updates manifest.json. All operations are confined to user-specified directories with no exfiltration or persistence mechanisms.