Audit History

artifacts-builder - 5 audits

Audit version 5

Latest, low risk

Jan 16, 2026, 05:21 PM

Standard development tooling for building React-based artifacts. All static findings are false positives: LICENSE.txt was misidentified (license URLs flagged as 'network', legal text as 'weak crypto'), CSS hsl() colors flagged as 'weak crypto', and documentation text flagged as 'system reconnaissance'. The scripts perform legitimate project initialization, dependency installation from npmjs.com, and file modifications for project configuration. No data exfiltration, no malicious behavior, and all capabilities align with the stated purpose.

Files scanned: 5
Lines analyzed: 941
Findings: 4
Auditor: claude

No security issues found

Audit version 4

Low risk

Jan 16, 2026, 05:21 PM

Standard development tooling for building React-based artifacts. All static findings are false positives: LICENSE.txt was misidentified (license URLs flagged as 'network', legal text as 'weak crypto'), CSS hsl() colors flagged as 'weak crypto', and documentation text flagged as 'system reconnaissance'. The scripts perform legitimate project initialization, dependency installation from npmjs.com, and file modifications for project configuration. No data exfiltration, no malicious behavior, and all capabilities align with the stated purpose.

Files scanned: 5
Lines analyzed: 941
Findings: 4
Auditor: claude

No security issues found

Audit version 3

Low risk

Jan 10, 2026, 10:24 AM

Standard build tooling with no malicious behavior. Scripts perform project initialization and bundling using legitimate package managers. All capabilities match the stated purpose of building frontend artifacts. Risk factors are typical for development tooling.

Files scanned: 4
Lines analyzed: 649
Findings: 4
Auditor: claude

Low-risk issues (1)
Shell script execution with package installation
The init-artifact.sh and bundle-artifact.sh scripts execute external commands to install npm packages. This is standard build tooling behavior for a frontend development tool. Scripts use 'pnpm add' and 'pnpm install' to install dependencies from the official npm registry. No unexpected network destinations or data exfiltration observed.

Audit version 2

Low risk

Jan 10, 2026, 10:24 AM

Standard build tooling with no malicious behavior. Scripts perform project initialization and bundling using legitimate package managers. All capabilities match the stated purpose of building frontend artifacts. Risk factors are typical for development tooling.

Files scanned: 4
Lines analyzed: 649
Findings: 4
Auditor: claude

Low-risk issues (1)
Shell script execution with package installation
The init-artifact.sh and bundle-artifact.sh scripts execute external commands to install npm packages. This is standard build tooling behavior for a frontend development tool. Scripts use 'pnpm add' and 'pnpm install' to install dependencies from the official npm registry. No unexpected network destinations or data exfiltration observed.

Audit version 1

Low risk

Jan 10, 2026, 10:24 AM

Standard build tooling with no malicious behavior. Scripts perform project initialization and bundling using legitimate package managers. All capabilities match the stated purpose of building frontend artifacts. Risk factors are typical for development tooling.

Files scanned: 4
Lines analyzed: 649
Findings: 4
Auditor: claude

Low-risk issues (1)
Shell script execution with package installation
The init-artifact.sh and bundle-artifact.sh scripts execute external commands to install npm packages. This is standard build tooling behavior for a frontend development tool. Scripts use 'pnpm add' and 'pnpm install' to install dependencies from the official npm registry. No unexpected network destinations or data exfiltration observed.