技能 blocklet-converter 審計歷史
📦

審計歷史

blocklet-converter - 6 審計

審計版本 6

最新 安全

Jan 21, 2026, 04:13 PM

This skill is safe for publication. The 125 static findings are false positives from template files and documentation examples. The skill executes legitimate build commands for converting web projects to blocklets. No malicious patterns, data exfiltration, or unauthorized network access detected.

9
已掃描檔案
1,642
分析行數
2
發現項
claude
審計者
低風險問題 (1)
assets/nextjs-entry.txt:1-14templates/nextjs-blocklet.yml:1-43templates/static-blocklet.yml:1-54
Template Files Contain Placeholder Code
Static analysis flagged code patterns in template files and documentation examples. These are legitimate template placeholders for Next.js server configuration and YAML templates that will be copied to user projects. The skill does not execute malicious code.

風險因素

⚙️ 外部命令 (76)
errors.md:9 errors.md:13 errors.md:14 errors.md:16 errors.md:16 errors.md:17 examples.md:5-22 examples.md:22-26 examples.md:26-41 examples.md:41-45 examples.md:45-62 examples.md:62-66 examples.md:66-81 parse-project-meta.js:17-23 SKILL.md:12 SKILL.md:12 SKILL.md:14 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:28 SKILL.md:29 SKILL.md:29 SKILL.md:29 SKILL.md:30 SKILL.md:30 SKILL.md:30 SKILL.md:36 SKILL.md:38 SKILL.md:44 SKILL.md:46 SKILL.md:46 SKILL.md:46 SKILL.md:47 SKILL.md:51-55 SKILL.md:55-59 SKILL.md:59-61 SKILL.md:61-67 SKILL.md:67-69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69-77 SKILL.md:77-78 SKILL.md:78-79 SKILL.md:79 SKILL.md:79-83 SKILL.md:83-85 SKILL.md:85-89 SKILL.md:89 SKILL.md:89-90 SKILL.md:90-91 SKILL.md:91-95 SKILL.md:95-97 SKILL.md:97-101 SKILL.md:101-103 SKILL.md:103-107 SKILL.md:107-109 SKILL.md:109-119 SKILL.md:119-123 SKILL.md:123-124 SKILL.md:124-125 SKILL.md:125-126 SKILL.md:126-127 SKILL.md:127-128 SKILL.md:128-129 SKILL.md:129-131 SKILL.md:131-141 SKILL.md:141-145 SKILL.md:145-149 SKILL.md:149-150

審計版本 5

中風險

Jan 16, 2026, 04:11 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

9
已掃描檔案
699
分析行數
3
發現項
claude
審計者
未發現安全問題

風險因素

🌐 網路存取 (3)
assets/nextjs-entry.txt:10 skill-report.json:6 templates/static-blocklet.yml:34
🔑 環境變數 (6)
assets/nextjs-entry.txt:3 assets/nextjs-entry.txt:8 assets/nextjs-entry.txt:11 assets/nextjs-entry.txt:3 assets/nextjs-entry.txt:8 assets/nextjs-entry.txt:11
⚙️ 外部命令 (76)
errors.md:9 errors.md:13 errors.md:14 errors.md:16 errors.md:16 errors.md:17 examples.md:5-22 examples.md:22-26 examples.md:26-41 examples.md:41-45 examples.md:45-62 examples.md:62-66 examples.md:66-81 parse-project-meta.js:17-23 SKILL.md:12 SKILL.md:12 SKILL.md:14 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:28 SKILL.md:29 SKILL.md:29 SKILL.md:29 SKILL.md:30 SKILL.md:30 SKILL.md:30 SKILL.md:36 SKILL.md:38 SKILL.md:44 SKILL.md:46 SKILL.md:46 SKILL.md:46 SKILL.md:47 SKILL.md:51-55 SKILL.md:55-59 SKILL.md:59-61 SKILL.md:61-67 SKILL.md:67-69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69-77 SKILL.md:77-78 SKILL.md:78-79 SKILL.md:79 SKILL.md:79-83 SKILL.md:83-85 SKILL.md:85-89 SKILL.md:89 SKILL.md:89-90 SKILL.md:90-91 SKILL.md:91-95 SKILL.md:95-97 SKILL.md:97-101 SKILL.md:101-103 SKILL.md:103-107 SKILL.md:107-109 SKILL.md:109-119 SKILL.md:119-123 SKILL.md:123-124 SKILL.md:124-125 SKILL.md:125-126 SKILL.md:126-127 SKILL.md:127-128 SKILL.md:128-129 SKILL.md:129-131 SKILL.md:131-141 SKILL.md:141-145 SKILL.md:145-149 SKILL.md:149-150

偵測到的模式

Hardcoded IP addressEnvironment variable access (dot notation)Environment variable objectEnvironment file accessSystem reconnaissanceRuby/shell backtick executionWeak cryptographic algorithmHardcoded URL[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access

審計版本 4

中風險

Jan 16, 2026, 04:11 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

9
已掃描檔案
699
分析行數
3
發現項
claude
審計者
未發現安全問題

風險因素

🌐 網路存取 (3)
assets/nextjs-entry.txt:10 skill-report.json:6 templates/static-blocklet.yml:34
🔑 環境變數 (6)
assets/nextjs-entry.txt:3 assets/nextjs-entry.txt:8 assets/nextjs-entry.txt:11 assets/nextjs-entry.txt:3 assets/nextjs-entry.txt:8 assets/nextjs-entry.txt:11
⚙️ 外部命令 (76)
errors.md:9 errors.md:13 errors.md:14 errors.md:16 errors.md:16 errors.md:17 examples.md:5-22 examples.md:22-26 examples.md:26-41 examples.md:41-45 examples.md:45-62 examples.md:62-66 examples.md:66-81 parse-project-meta.js:17-23 SKILL.md:12 SKILL.md:12 SKILL.md:14 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:22 SKILL.md:28 SKILL.md:29 SKILL.md:29 SKILL.md:29 SKILL.md:30 SKILL.md:30 SKILL.md:30 SKILL.md:36 SKILL.md:38 SKILL.md:44 SKILL.md:46 SKILL.md:46 SKILL.md:46 SKILL.md:47 SKILL.md:51-55 SKILL.md:55-59 SKILL.md:59-61 SKILL.md:61-67 SKILL.md:67-69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69 SKILL.md:69-77 SKILL.md:77-78 SKILL.md:78-79 SKILL.md:79 SKILL.md:79-83 SKILL.md:83-85 SKILL.md:85-89 SKILL.md:89 SKILL.md:89-90 SKILL.md:90-91 SKILL.md:91-95 SKILL.md:95-97 SKILL.md:97-101 SKILL.md:101-103 SKILL.md:103-107 SKILL.md:107-109 SKILL.md:109-119 SKILL.md:119-123 SKILL.md:123-124 SKILL.md:124-125 SKILL.md:125-126 SKILL.md:126-127 SKILL.md:127-128 SKILL.md:128-129 SKILL.md:129-131 SKILL.md:131-141 SKILL.md:141-145 SKILL.md:145-149 SKILL.md:149-150

偵測到的模式

Hardcoded IP addressEnvironment variable access (dot notation)Environment variable objectEnvironment file accessSystem reconnaissanceRuby/shell backtick executionWeak cryptographic algorithmHardcoded URL[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access

審計版本 3

低風險

Jan 10, 2026, 10:22 AM

This is a legitimate ArcBlock blocklet converter skill that converts static web and Next.js projects into deployable blocklet packages. The skill runs standard build commands and generates configuration files using the official blocklet CLI. All capabilities are appropriate for the stated development tooling purpose.

8
已掃描檔案
398
分析行數
4
發現項
claude
審計者
未發現安全問題

風險因素

📁 檔案系統存取 (3)
SKILL.md:22-32 SKILL.md:59-69 SKILL.md:77-79
⚡ 包含腳本 (2)
SKILL.md:59-61 SKILL.md:95-109
⚙️ 外部命令 (2)
SKILL.md:59-61 SKILL.md:95-109
🔑 環境變數 (1)
assets/nextjs-entry.txt:3-11

審計版本 2

低風險

Jan 10, 2026, 10:22 AM

This is a legitimate ArcBlock blocklet converter skill that converts static web and Next.js projects into deployable blocklet packages. The skill runs standard build commands and generates configuration files using the official blocklet CLI. All capabilities are appropriate for the stated development tooling purpose.

8
已掃描檔案
398
分析行數
4
發現項
claude
審計者
未發現安全問題

風險因素

📁 檔案系統存取 (3)
SKILL.md:22-32 SKILL.md:59-69 SKILL.md:77-79
⚡ 包含腳本 (2)
SKILL.md:59-61 SKILL.md:95-109
⚙️ 外部命令 (2)
SKILL.md:59-61 SKILL.md:95-109
🔑 環境變數 (1)
assets/nextjs-entry.txt:3-11

審計版本 1

低風險

Jan 10, 2026, 10:22 AM

This is a legitimate ArcBlock blocklet converter skill that converts static web and Next.js projects into deployable blocklet packages. The skill runs standard build commands and generates configuration files using the official blocklet CLI. All capabilities are appropriate for the stated development tooling purpose.

8
已掃描檔案
398
分析行數
4
發現項
claude
審計者
未發現安全問題

風險因素

📁 檔案系統存取 (3)
SKILL.md:22-32 SKILL.md:59-69 SKILL.md:77-79
⚡ 包含腳本 (2)
SKILL.md:59-61 SKILL.md:95-109
⚙️ 外部命令 (2)
SKILL.md:59-61 SKILL.md:95-109
🔑 環境變數 (1)
assets/nextjs-entry.txt:3-11
← 返回技能