技能 project-creator 审计历史
📁

审计历史

project-creator - 5 审计

审计版本 5

最新 安全

Jan 16, 2026, 11:51 PM

This is a template-based project creation skill. All static findings are false positives: markdown backticks are code formatting (not shell execution), relative paths are hardcoded template variables (not user input), and validation scripts only read files and output to stdout with no network or credential access.

11
已扫描文件
2,263
分析行数
3
发现项
claude
审计者
未发现安全问题

风险因素

⚡ 包含脚本 (2)
scripts/validate_project.sh:1-124 scripts/validate_project.py:1-159
📁 文件系统访问 (3)
templates/CLAUDE_SIMPLE.md:38-98 templates/CLAUDE_COMPLEX.md:38-98 references/mechanism_specifications.md:27-122
⚙️ 外部命令 (1)
scripts/validate_project.sh:36-62

审计版本 4

安全

Jan 16, 2026, 11:51 PM

This is a template-based project creation skill. All static findings are false positives: markdown backticks are code formatting (not shell execution), relative paths are hardcoded template variables (not user input), and validation scripts only read files and output to stdout with no network or credential access.

11
已扫描文件
2,263
分析行数
3
发现项
claude
审计者
未发现安全问题

风险因素

⚡ 包含脚本 (2)
scripts/validate_project.sh:1-124 scripts/validate_project.py:1-159
📁 文件系统访问 (3)
templates/CLAUDE_SIMPLE.md:38-98 templates/CLAUDE_COMPLEX.md:38-98 references/mechanism_specifications.md:27-122
⚙️ 外部命令 (1)
scripts/validate_project.sh:36-62

审计版本 3

低风险

Jan 10, 2026, 01:43 PM

This is a template-based project creation skill with validation scripts. Scripts only read files and output to stdout. No network calls, credential access, or data exfiltration. All capabilities are legitimate for a project creation tool.

10
已扫描文件
1,541
分析行数
5
发现项
claude
审计者
低风险问题 (2)
scripts/validate_project.sh:28-68
Bash validation script with file read operations
The validate_project.sh script reads project files to validate structure. It uses grep to search for required sections in CLAUDE.md. This is standard validation behavior with no security implications.
scripts/validate_project.py:17-141
Python validation script with file I/O
The validate_project.py script validates project structure by reading files. It uses pathlib for file operations and outputs results to stdout. No network or sensitive data access.

风险因素

⚡ 包含脚本 (2)
scripts/validate_project.sh:1-124 scripts/validate_project.py:1-159
📁 文件系统访问 (3)
SKILL.md:174-193 templates/CLAUDE_SIMPLE.md:1-148 templates/CLAUDE_COMPLEX.md:1-209
⚙️ 外部命令 (1)
scripts/validate_project.sh:36-62

审计版本 2

低风险

Jan 10, 2026, 01:43 PM

This is a template-based project creation skill with validation scripts. Scripts only read files and output to stdout. No network calls, credential access, or data exfiltration. All capabilities are legitimate for a project creation tool.

10
已扫描文件
1,541
分析行数
5
发现项
claude
审计者
低风险问题 (2)
scripts/validate_project.sh:28-68
Bash validation script with file read operations
The validate_project.sh script reads project files to validate structure. It uses grep to search for required sections in CLAUDE.md. This is standard validation behavior with no security implications.
scripts/validate_project.py:17-141
Python validation script with file I/O
The validate_project.py script validates project structure by reading files. It uses pathlib for file operations and outputs results to stdout. No network or sensitive data access.

风险因素

⚡ 包含脚本 (2)
scripts/validate_project.sh:1-124 scripts/validate_project.py:1-159
📁 文件系统访问 (3)
SKILL.md:174-193 templates/CLAUDE_SIMPLE.md:1-148 templates/CLAUDE_COMPLEX.md:1-209
⚙️ 外部命令 (1)
scripts/validate_project.sh:36-62

审计版本 1

低风险

Jan 10, 2026, 01:43 PM

This is a template-based project creation skill with validation scripts. Scripts only read files and output to stdout. No network calls, credential access, or data exfiltration. All capabilities are legitimate for a project creation tool.

10
已扫描文件
1,541
分析行数
5
发现项
claude
审计者
低风险问题 (2)
scripts/validate_project.sh:28-68
Bash validation script with file read operations
The validate_project.sh script reads project files to validate structure. It uses grep to search for required sections in CLAUDE.md. This is standard validation behavior with no security implications.
scripts/validate_project.py:17-141
Python validation script with file I/O
The validate_project.py script validates project structure by reading files. It uses pathlib for file operations and outputs results to stdout. No network or sensitive data access.

风险因素

⚡ 包含脚本 (2)
scripts/validate_project.sh:1-124 scripts/validate_project.py:1-159
📁 文件系统访问 (3)
SKILL.md:174-193 templates/CLAUDE_SIMPLE.md:1-148 templates/CLAUDE_COMPLEX.md:1-209
⚙️ 外部命令 (1)
scripts/validate_project.sh:36-62
← 返回技能