Audit history
generate-sparkle-appcast - 6 audits
Audit version 6
Latest | Medium risk | Jun 28, 2026, 07:48 PM
Static analysis found many command, filesystem, network, environment, and sensitive-key patterns. Review confirms the script is a plausible release automation tool, but it handles a Sparkle private signing key and writes temporary key material, so publication should include a clear security warning.
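Medium-risk issues (2)
Low-risk issues (3)
Risk factors
⚡ Contains scripts (2)
⚙️ External commands (5)
🌐 Network access (4)
📁 Filesystem access (6)
Detected patterns
Audit version 5
Low risk | Jan 16, 2026, 07:41 PM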
Legitimate macOS release automation tool for generating Sparkle appcast files. All static findings are false positives stemming from the scanner's inability to distinguish between legitimate release tooling and malicious patterns. The script operates only within project build/docs directories, uses standard tooling (git, python3, openssl) for release signing, and handles Ed25519 private keys appropriately for Sparkle update signing.
Risk factors
⚡ Contains scripts (1)
⚙️ External commands (3)
📁 Filesystem access (3)
Audit version 4
Low risk | Jan 16, 2026, 07:41 PM
Legitimate macOS release automation tool for generating Sparkle appcast files. All static findings are false positives stemming from the scanner's inability to distinguish between legitimate release tooling and malicious patterns. The script operates only within project build/docs directories, uses standard tooling (git, python3, openssl) for release signing, and handles Ed25519 private keys appropriately for Sparkle update signing.
Risk factors
⚡ Contains scripts (1)
⚙️ External commands (3)
📁 Filesystem access (3)
Audit version 3
Low risk | Jan 10, 2026, 11:56 AM
Standard release automation script for generating Sparkle appcast files. Operates only within project build/docs directories. Uses python3, openssl, and git commands appropriate for release signing and git history processing.
Risk factors
⚡ Contains scripts (1)
🔑 Environment variables (1)
Audit version 2
Low risk | Jan 10, 2026, 11:56 AM
Standard release automation script for generating Sparkle appcast files. Operates only within project build/docs directories. Uses python3, openssl, and git commands appropriate for release signing and git history processing.
Risk factors
⚡ Contains scripts (1)
🔑 Environment variables (1)
Audit version 1
Low risk | Jan 10, 2026, 11:56 AM
Standard release automation script for generating Sparkle appcast files. Operates only within project build/docs directories. Uses python3, openssl, and git commands appropriate for release signing and git history processing.