Audit history
better-auth-best-practices - 2 audits
Audit version 2
Latest - Safe - Mar 19, 2026, 08:21 AM
This skill contains documentation-only content (SKILL.md) with no executable code. Static analyzer flagged 144 external command patterns and 7 network URLs, but all are false positives: command examples are CLI instructions for users to run manually, and URLs are documentation links. No security risks detected.
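Files scanned: 1
Lines analyzed: 175
Findings: 2
Auditor: claude
No security issues found
Risk factors
⚙️ External commands
No specific locations recorded
🌐 Network access
No specific locations recorded
Audit version 1
Safe - Jan 23, 2026, 07:20 AM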
All 149 static findings are FALSE POSITIVES. This is a documentation-only skill containing markdown reference material. The scanner misinterpreted inline code examples (CLI commands, config snippets) as executable code. No network calls, file system access, or credential handling exists in this skill. Safe for publication.
Files scanned: 1
Lines analyzed: 166
Findings: 3
Auditor: claude
Medium-risk issues (3)
External Command Patterns in Documentation
Scanner detected backtick-wrapped code patterns (e.g., `openssl rand`, `npx @better-auth/cli migrate`) and flagged them as shell execution. These are inline code examples in markdown documentation, not actual command execution.
Network URL Patterns in Documentation
Scanner detected hardcoded URLs (better-auth.com, GitHub, example.com) as external network calls. These are documentation links, not actual network requests.
Credential Access Patterns in Documentation
Scanner flagged references to authCookies, password.hash(), and similar terms as credential access. These are documentation mentions of authentication concepts.