
Audit History

wp-project-triage - 6 audits

Audit version 6

Latest - Low risk

Jun 28, 2026, 11:57 AM

The static analyzer reported network, command execution, credential, and weak crypto patterns, but contextual review found these were false positives. The skill is a read-only WordPress repository detector that uses local filesystem reads and prints a structured report, so the remaining risk is limited to local repository inspection.

Files scanned: 3
Lines analyzed: 776
Findings: 6
Auditor: codex

Low-risk issues (4)
Read-Only Repository File Scanning
The detector recursively reads repository files and scans wp-config.php for selected WordPress constants. It does not print secrets or send data, but users should expect local repository inspection.
Static Network Findings Dismissed
The hardcoded URLs are JSON Schema identifiers, not outbound requests. No fetch, HTTP client, curl, or wget usage was found in the reviewed files.
Static Command Execution Findings Dismissed
Backtick findings are JavaScript template literals used for regular expressions, recommendation strings, and stdout formatting. No child_process import or shell execution was found.
Static Credential and Crypto Findings Dismissed
The sensitive and weak crypto detections match WordPress API names, Object.keys calls, path checks, and string includes. No certificate handling, key extraction, hashing, or encryption logic was found.

Audit version 5

Low risk

Jan 16, 2026, 06:11 PM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. Static scanner false positives were caused by JavaScript template literals misidentified as shell backticks, path.extname() misidentified as a crypto function, and standard schema URLs flagged as network security issues.

Files scanned: 4
Lines analyzed: 994
Findings: 1
Auditor: claude

No security issues found

Risk factors

📁 Filesystem access (1)

Audit version 4

Low risk

Jan 16, 2026, 06:11 PM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. Static scanner false positives were caused by JavaScript template literals misidentified as shell backticks, path.extname() misidentified as a crypto function, and standard schema URLs flagged as network security issues.

Files scanned: 4
Lines analyzed: 994
Findings: 1
Auditor: claude

No security issues found

Risk factors

📁 Filesystem access (1)

Audit version 3

Low risk

Jan 10, 2026, 10:52 AM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. The tool safely inspects repository structure to determine project type and available tooling.

Files scanned: 3
Lines analyzed: 593
Findings: 1
Auditor: claude

No security issues found

Risk factors

📁 Filesystem access (1)

Audit version 2

Low risk

Jan 10, 2026, 10:52 AM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. The tool safely inspects repository structure to determine project type and available tooling.

Files scanned: 3
Lines analyzed: 593
Findings: 1
Auditor: claude

No security issues found

Risk factors

📁 Filesystem access (1)

Audit version 1

Low risk

Jan 10, 2026, 10:52 AM

Read-only filesystem scanner for WordPress project detection. No network calls, no command execution, no credential access. The tool safely inspects repository structure to determine project type and available tooling.

Files scanned: 3
Lines analyzed: 593
Findings: 1
Auditor: claude

No security issues found

Risk factors

📁 Filesystem access (1)