
Audit history

api-jwt-authenticator - 6 audits

Audit version 6

Latest: Low risk

Jun 28, 2026, 03:48 AM

Static analysis flagged Markdown backticks, JWT terminology, and HTTP authentication documentation as suspicious patterns. Review found no executable code, shell invocation, prompt injection, malware behavior, or data exfiltration in SKILL.md. The skill is a conceptual security guide and is safe to publish with low residual risk.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 3

Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

False positive: Markdown formatting flagged as shell execution
The flagged locations use Markdown inline code for an Authorization header and JWT claim names. They do not contain Ruby code, shell execution, command substitution, or user-controlled command construction.
The evidence is plain Markdown documentation. The surrounding text describes token format and claims, not executable Ruby or shell behavior.

False positive: Weak cryptography pattern not confirmed
The flagged lines do not specify a weak signing algorithm or unsafe cryptographic implementation. Line 7 is the skill description, and line 128 discusses testing error response formats.
No cryptographic algorithm is named at either location. The skill recommends validating JWT signatures and expiration but does not prescribe insecure crypto.

False positive: System reconnaissance pattern not confirmed
The flagged locations describe HTTP status handling, token structure, information disclosure avoidance, and authentication tests. They do not collect host data, enumerate files, or inspect the runtime environment.
The context is API authentication guidance. No commands, filesystem reads, environment probing, or network discovery instructions are present.

No security issues found
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 03:39 PM

This is a pure documentation skill providing conceptual guidance for implementing JWT authentication in FastAPI APIs. It contains no executable code, no network calls, no filesystem operations, and no external command execution. The static analysis findings are false positives triggered by security-related terminology in documentation (JWT, authorization, tokens, roles) and metadata fields. All 27 static findings are dismissed as keyword-pattern false positives.

Files scanned: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 03:39 PM

This is a pure documentation skill providing conceptual guidance for implementing JWT authentication in FastAPI APIs. It contains no executable code, no network calls, no filesystem operations, and no external command execution. The static analysis findings are false positives triggered by security-related terminology in documentation (JWT, authorization, tokens, roles) and metadata fields. All 27 static findings are dismissed as keyword-pattern false positives.

Files scanned: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:48 AM

Pure documentation-based conceptual skill containing only a SKILL.md file. No executable code, no network calls, no filesystem access beyond its own file. The content provides guidance on implementing JWT authentication following security best practices.

Files scanned: 1
Lines analyzed: 136
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude