🧹
Audit history
clean-code - 2 audits
Audit version 2
Latest | Safe | Feb 25, 2026, 05:46 AM
Static analysis detected 29 potential issues (external commands, network patterns, weak cryptography, system reconnaissance), but all are FALSE POSITIVES. The findings match Markdown code block delimiters (backticks), documentation examples, and reference URLs in educational content. The skill contains no executable code, performs no file operations, makes no network requests, and is purely documentation about software engineering principles. Safe to publish.
Files scanned: 1
Lines analyzed: 95
Findings: 0
Auditor: claude
No security issues found
Audit version 1
Safe | Feb 10, 2026, 09:04 AM
Static findings pointed to command execution, cryptography, and reconnaissance, but the file contains only documentation text. The only URL is a source attribution link, not a network action. No security risks were confirmed.
Files scanned: 1
Lines analyzed: 95
Findings: 4
Auditor: codex
Low-risk issues (4)
SKILL.md:24, SKILL.md:25, SKILL.md:26, SKILL.md:27, SKILL.md:28, SKILL.md:29, SKILL.md:35, SKILL.md:42-45, SKILL.md:45-47, SKILL.md:47-49, SKILL.md:49-61, SKILL.md:61-68
False positive: external command execution
No command execution exists; the lines are prose and inline examples. Confidence: 0.2. Confidence reasoning: Only backticked identifiers and text appear.
False positive: weak cryptography
No cryptographic algorithms are used; these lines are descriptive text. Confidence: 0.15. Confidence reasoning: No crypto APIs or hashes appear.
False positive: system reconnaissance
The cited lines describe naming and design guidance, not system inspection. Confidence: 0.2. Confidence reasoning: No commands or environment reads are present.
Informational: external URL reference
The URL is a source attribution link in metadata, not a runtime network request. Confidence: 0.35. Confidence reasoning: It appears only in the front matter.