Audit history
analyzing-component-quality - 6 audits
Audit version 6
Latest · Medium risk · Jun 28, 2026, 06:06 PM
Static analysis reported many command, weak-crypto, credential, and network patterns, but review found most are markdown examples or scoring text. No prompt injection, obfuscation, credential access, or network exfiltration was found. The remaining concern is that the skill grants Bash and ships a helper script that reads a caller-provided local path.
Medium-risk issues (1)
Low-risk issues (3)
Risk factors
⚡ Contains scripts (2)
🌐 Network access (1)
Detected patterns
Audit version 5
Low risk · Jan 16, 2026, 07:29 PM
All 234 static findings are FALSE POSITIVES. The scanner incorrectly flagged documentation examples (YAML frontmatter with allowed-tools including Bash), educational security discussions, and security warning strings as actual security threats. The skill is a pure quality analysis tool with Read-only tool access. The quality-scorer.py script only reads local files for heuristic analysis and outputs text reports. No network operations, no external command execution, no credential access.
Risk factors
⚡ Contains scripts (1)
Audit version 4
Low risk · Jan 16, 2026, 07:29 PM
All 234 static findings are FALSE POSITIVES. The scanner incorrectly flagged documentation examples (YAML frontmatter with allowed-tools including Bash), educational security discussions, and security warning strings as actual security threats. The skill is a pure quality analysis tool with Read-only tool access. The quality-scorer.py script only reads local files for heuristic analysis and outputs text reports. No network operations, no external command execution, no credential access.
Risk factors
⚡ Contains scripts (1)
Audit version 3
Low risk · Jan 10, 2026, 11:44 AM
Pure quality analysis skill with no malicious capabilities. The Python script reads local files for heuristic analysis only. No network operations, no external command execution, no credential access.
Risk factors
⚡ Contains scripts (1)
Audit version 2
Low risk · Jan 10, 2026, 11:44 AM
Pure quality analysis skill with no malicious capabilities. The Python script reads local files for heuristic analysis only. No network operations, no external command execution, no credential access.
Risk factors
⚡ Contains scripts (1)
Audit version 1
Low risk · Jan 10, 2026, 11:44 AM
Pure quality analysis skill with no malicious capabilities. The Python script reads local files for heuristic analysis only. No network operations, no external command execution, no credential access.