Audit History

sast-configuration - 4 audits

Audit version 4

Latest, Safe

Jan 17, 2026, 09:55 AM

This is a pure documentation skill containing only guidance and example commands for configuring SAST tools. All 32 static findings are false positives triggered by security-related terminology in documentation. The skill describes legitimate defensive security practices (Semgrep, SonarQube, CodeQL configuration) with no executable code, file access, network calls, or command execution. Behavior matches stated purpose of providing SAST configuration guidance.

Files scanned: 2
Lines analyzed: 367
Findings: 3
Auditor: claude
No security issues found

Audit version 3

Safe

Jan 17, 2026, 09:55 AM

This is a pure documentation skill containing only guidance and example commands for configuring SAST tools. All 32 static findings are false positives triggered by security-related terminology in documentation. The skill describes legitimate defensive security practices (Semgrep, SonarQube, CodeQL configuration) with no executable code, file access, network calls, or command execution. Behavior matches stated purpose of providing SAST configuration guidance.

Files scanned: 2
Lines analyzed: 367
Findings: 3
Auditor: claude
No security issues found

Audit version 2

Safe

Jan 4, 2026, 04:20 PM

Pure documentation skill containing only guidance and example commands for configuring SAST tools. No executable code, file access, network calls, or command execution patterns detected. Behavior matches stated purpose.

Files scanned: 4
Lines analyzed: 411
Findings: 0
Auditor: claude
No security issues found

Audit version 1

Safe

Jan 4, 2026, 04:20 PM

Pure documentation skill containing only guidance and example commands for configuring SAST tools. No executable code, file access, network calls, or command execution patterns detected. Behavior matches stated purpose.

Files scanned: 4
Lines analyzed: 411
Findings: 0
Auditor: claude
No security issues found