
Audit history

database-orm - 6 audits

Audit version 6

Latest, low risk

Jan 21, 2026, 04:47 PM

This skill provides documentation for database operations using Drizzle ORM with NeonDB Postgres. Static analysis flagged multiple false positives including C2 keywords (the word drizzle from Drizzle ORM) and cryptographic patterns (md file extensions). The only legitimate risk factor is environment variable access for DATABASE_URL, which is standard practice for database connections. All code examples are TypeScript snippets in documentation, not executable malicious code.

Files scanned: 2
Lines analyzed: 508
Findings: 2
Auditor: claude
Low-risk issues (1)
Environment Variable Access for Database Connection
The skill documentation shows process.env.DATABASE_URL being accessed for database connection initialization. This is standard practice for database ORMs and poses minimal risk as it only reads configuration, does not expose secrets externally, and is necessary for the skill's intended functionality.

Risk factors

Environment variables (1)

Audit version 5

Medium risk

Jan 16, 2026, 04:34 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 225
Findings: 4
Auditor: claude
No security issues found

Detected patterns

Hardcoded URL
Hidden file access
Database connection strings
C2 keywords
Weak cryptographic algorithm
Ruby/shell backtick execution
Environment variable access (dot notation)
Environment variable object
Environment file access
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 4

Medium risk

Jan 16, 2026, 04:34 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 225
Findings: 4
Auditor: claude
No security issues found

Detected patterns

Hardcoded URL
Hidden file access
Database connection strings
C2 keywords
Weak cryptographic algorithm
Ruby/shell backtick execution
Environment variable access (dot notation)
Environment variable object
Environment file access
[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access
[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Audit version 3

Safe

Jan 10, 2026, 09:50 AM

Documentation-only skill containing no executable code. SKILL.md provides guidance on database operations using Drizzle ORM with NeonDB. No scripts, network calls, file system access, or command execution capabilities present.

Files scanned: 1
Lines analyzed: 47
Findings: 0
Auditor: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 09:50 AM

Documentation-only skill containing no executable code. SKILL.md provides guidance on database operations using Drizzle ORM with NeonDB. No scripts, network calls, file system access, or command execution capabilities present.

Files scanned: 1
Lines analyzed: 47
Findings: 0
Auditor: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 09:50 AM

Documentation-only skill containing no executable code. SKILL.md provides guidance on database operations using Drizzle ORM with NeonDB. No scripts, network calls, file system access, or command execution capabilities present.

Files scanned: 1
Lines analyzed: 47
Findings: 0
Auditor: claude
No security issues found