技能 chipsec 審計紀錄
📦

審計紀錄

chipsec - 6 審計

審計版本 6

最新 中風險

Jun 28, 2026, 05:59 PM

Static analysis found many command, malware-keyword, weak-hash, and filesystem alerts, but most are Markdown examples for defensive offline firmware analysis. The confirmed concern is repeated guidance to run sudo chmod 777 on a Python site-packages logs directory, which is unsafe documentation for users. No prompt injection attempt, credential exfiltration, or malicious automation was found in the reviewed files.

2
已掃描檔案
869
分析行數
6
發現
codex
審計單位
中風險問題 (1)
SKILL.md:27-29SKILL.md:381-384PLAN.md:56-59PLAN.md:205-208
Unsafe World-Writable System Directory Guidance
The skill instructs users to run sudo mkdir under Python site-packages and then sudo chmod 777 on the logs directory. This is not malicious, but it teaches a world-writable permission pattern in a privileged application directory, which can enable local tampering or unsafe shared-host behavior.
低風險問題 (3)
SKILL.md:48-50SKILL.md:198-217SKILL.md:227-237SKILL.md:363-370PLAN.md:129-147
Defensive Command Examples Flagged as Execution Risk
The static scanner flagged many shell commands, pipes, command substitutions, grep, binwalk, file, diff, and CHIPSEC invocations. These appear inside Markdown code blocks for offline firmware analysis, use user-supplied firmware paths, and are not executable skill code.
SKILL.md:44-60SKILL.md:257-272PLAN.md:13-20PLAN.md:168-178
Malware and C2 Terms Used as Defensive Analysis Vocabulary
Terms such as rootkit, malware, implant, blocked binary, and backdoor describe threats that CHIPSEC can detect. The reviewed context documents detection and incident response, not creation or deployment of malware.
SKILL.md:62-69SKILL.md:328-345PLAN.md:251-263
Weak Hash Names Are Output Fields, Not Cryptographic Choices
MD5 and SHA1 appear in sample CHIPSEC output and inventory descriptions alongside SHA256. The skill does not ask users to rely on weak hashes for trust decisions or implement cryptography.

風險因素

⚙️ 外部命令 (8)
SKILL.md:48-50 SKILL.md:198-217 SKILL.md:227-237 SKILL.md:363-370 SKILL.md:383-384 PLAN.md:56-59 PLAN.md:143-147 PLAN.md:241-247
📁 檔案系統存取 (5)
SKILL.md:116-124 SKILL.md:217 SKILL.md:383-384 PLAN.md:58-59 PLAN.md:207-208

偵測到的模式

Privileged chmod 777 Setup Command

審計版本 5

安全

Jan 16, 2026, 07:55 PM

This is a documentation-only skill providing instructions for Intel's chipsec framework. All 241 static findings are false positives caused by the analyzer misinterpreting documentation as code. The files contain only markdown documentation describing legitimate firmware security analysis workflows. No executable code, no malicious patterns, and no attack tooling.

3
已掃描檔案
1,057
分析行數
2
發現
claude
審計單位
未發現安全問題

風險因素

⚙️ 外部命令 (154)
PLAN.md:9 PLAN.md:9 PLAN.md:31-36 PLAN.md:36-41 PLAN.md:41-46 PLAN.md:46-56 PLAN.md:56-60 PLAN.md:60-65 PLAN.md:65-67 PLAN.md:67-72 PLAN.md:72-74 PLAN.md:74-83 PLAN.md:83-85 PLAN.md:85-90 PLAN.md:90-93 PLAN.md:93-98 PLAN.md:98-100 PLAN.md:100-107 PLAN.md:107-108 PLAN.md:108-109 PLAN.md:109-110 PLAN.md:110-130 PLAN.md:130-139 PLAN.md:139-142 PLAN.md:142-148 PLAN.md:148-151 PLAN.md:151-157 PLAN.md:157-160 PLAN.md:160-166 PLAN.md:166-182 PLAN.md:182-183 PLAN.md:183-184 PLAN.md:184-185 PLAN.md:185-186 PLAN.md:186-191 PLAN.md:191-197 PLAN.md:197-206 PLAN.md:206-209 PLAN.md:209-212 PLAN.md:212-217 PLAN.md:217 PLAN.md:217-224 PLAN.md:224 PLAN.md:224-229 PLAN.md:229-249 PLAN.md:249-267 PLAN.md:267-285 PLAN.md:58 PLAN.md:59 PLAN.md:207 PLAN.md:208 SKILL.md:27-30 SKILL.md:30-34 SKILL.md:34-36 SKILL.md:36-41 SKILL.md:41-42 SKILL.md:42-48 SKILL.md:48-50 SKILL.md:50-63 SKILL.md:63-71 SKILL.md:71-77 SKILL.md:77-79 SKILL.md:79-87 SKILL.md:87-96 SKILL.md:96-102 SKILL.md:102-104 SKILL.md:104-115 SKILL.md:115-117 SKILL.md:117-120 SKILL.md:120-126 SKILL.md:126-130 SKILL.md:130-132 SKILL.md:132-134 SKILL.md:134-137 SKILL.md:137-142 SKILL.md:142-145 SKILL.md:145-147 SKILL.md:147-149 SKILL.md:149 SKILL.md:149-155 SKILL.md:155-157 SKILL.md:157-184 SKILL.md:184-185 SKILL.md:185-186 SKILL.md:186-187 SKILL.md:187-188 SKILL.md:188-189 SKILL.md:189-190 SKILL.md:190-198 SKILL.md:198-221 SKILL.md:221-227 SKILL.md:227-237 SKILL.md:237-243 SKILL.md:243-255 SKILL.md:255-261 SKILL.md:261-285 SKILL.md:285-291 SKILL.md:291-306 SKILL.md:306-330 SKILL.md:330-332 SKILL.md:332-340 SKILL.md:340-352 SKILL.md:352-358 SKILL.md:358-362 SKILL.md:362-371 SKILL.md:371-377 SKILL.md:377-379 SKILL.md:379-382 SKILL.md:382-385 SKILL.md:385-389 SKILL.md:389-391 SKILL.md:391-394 SKILL.md:394-397 SKILL.md:397-401 SKILL.md:401-403 SKILL.md:403-411 SKILL.md:411-414 SKILL.md:414-418 SKILL.md:418-420 SKILL.md:420-422 SKILL.md:422-423 SKILL.md:423-425 SKILL.md:425-429 SKILL.md:429-437 SKILL.md:437-443 SKILL.md:443-450 SKILL.md:450-452 SKILL.md:452-457 SKILL.md:457-459 SKILL.md:459-464 SKILL.md:464-466 SKILL.md:466-471 SKILL.md:471-474 SKILL.md:474-478 SKILL.md:478-480 SKILL.md:480-494 SKILL.md:494-495 SKILL.md:495-496 SKILL.md:496-497 SKILL.md:497-498 SKILL.md:498-504 SKILL.md:504-505 SKILL.md:505-506 SKILL.md:506-507 SKILL.md:507-508 SKILL.md:508-509 SKILL.md:458 SKILL.md:465 SKILL.md:457-459 SKILL.md:464-466 SKILL.md:28 SKILL.md:29 SKILL.md:383 SKILL.md:384
📁 檔案系統存取 (8)
PLAN.md:44 PLAN.md:44 PLAN.md:176 SKILL.md:3 SKILL.md:3 SKILL.md:3 SKILL.md:217 SKILL.md:305

審計版本 4

安全

Jan 16, 2026, 07:55 PM

This is a documentation-only skill providing instructions for Intel's chipsec framework. All 241 static findings are false positives caused by the analyzer misinterpreting documentation as code. The files contain only markdown documentation describing legitimate firmware security analysis workflows. No executable code, no malicious patterns, and no attack tooling.

3
已掃描檔案
1,057
分析行數
2
發現
claude
審計單位
未發現安全問題

風險因素

⚙️ 外部命令 (154)
PLAN.md:9 PLAN.md:9 PLAN.md:31-36 PLAN.md:36-41 PLAN.md:41-46 PLAN.md:46-56 PLAN.md:56-60 PLAN.md:60-65 PLAN.md:65-67 PLAN.md:67-72 PLAN.md:72-74 PLAN.md:74-83 PLAN.md:83-85 PLAN.md:85-90 PLAN.md:90-93 PLAN.md:93-98 PLAN.md:98-100 PLAN.md:100-107 PLAN.md:107-108 PLAN.md:108-109 PLAN.md:109-110 PLAN.md:110-130 PLAN.md:130-139 PLAN.md:139-142 PLAN.md:142-148 PLAN.md:148-151 PLAN.md:151-157 PLAN.md:157-160 PLAN.md:160-166 PLAN.md:166-182 PLAN.md:182-183 PLAN.md:183-184 PLAN.md:184-185 PLAN.md:185-186 PLAN.md:186-191 PLAN.md:191-197 PLAN.md:197-206 PLAN.md:206-209 PLAN.md:209-212 PLAN.md:212-217 PLAN.md:217 PLAN.md:217-224 PLAN.md:224 PLAN.md:224-229 PLAN.md:229-249 PLAN.md:249-267 PLAN.md:267-285 PLAN.md:58 PLAN.md:59 PLAN.md:207 PLAN.md:208 SKILL.md:27-30 SKILL.md:30-34 SKILL.md:34-36 SKILL.md:36-41 SKILL.md:41-42 SKILL.md:42-48 SKILL.md:48-50 SKILL.md:50-63 SKILL.md:63-71 SKILL.md:71-77 SKILL.md:77-79 SKILL.md:79-87 SKILL.md:87-96 SKILL.md:96-102 SKILL.md:102-104 SKILL.md:104-115 SKILL.md:115-117 SKILL.md:117-120 SKILL.md:120-126 SKILL.md:126-130 SKILL.md:130-132 SKILL.md:132-134 SKILL.md:134-137 SKILL.md:137-142 SKILL.md:142-145 SKILL.md:145-147 SKILL.md:147-149 SKILL.md:149 SKILL.md:149-155 SKILL.md:155-157 SKILL.md:157-184 SKILL.md:184-185 SKILL.md:185-186 SKILL.md:186-187 SKILL.md:187-188 SKILL.md:188-189 SKILL.md:189-190 SKILL.md:190-198 SKILL.md:198-221 SKILL.md:221-227 SKILL.md:227-237 SKILL.md:237-243 SKILL.md:243-255 SKILL.md:255-261 SKILL.md:261-285 SKILL.md:285-291 SKILL.md:291-306 SKILL.md:306-330 SKILL.md:330-332 SKILL.md:332-340 SKILL.md:340-352 SKILL.md:352-358 SKILL.md:358-362 SKILL.md:362-371 SKILL.md:371-377 SKILL.md:377-379 SKILL.md:379-382 SKILL.md:382-385 SKILL.md:385-389 SKILL.md:389-391 SKILL.md:391-394 SKILL.md:394-397 SKILL.md:397-401 SKILL.md:401-403 SKILL.md:403-411 SKILL.md:411-414 SKILL.md:414-418 SKILL.md:418-420 SKILL.md:420-422 SKILL.md:422-423 SKILL.md:423-425 SKILL.md:425-429 SKILL.md:429-437 SKILL.md:437-443 SKILL.md:443-450 SKILL.md:450-452 SKILL.md:452-457 SKILL.md:457-459 SKILL.md:459-464 SKILL.md:464-466 SKILL.md:466-471 SKILL.md:471-474 SKILL.md:474-478 SKILL.md:478-480 SKILL.md:480-494 SKILL.md:494-495 SKILL.md:495-496 SKILL.md:496-497 SKILL.md:497-498 SKILL.md:498-504 SKILL.md:504-505 SKILL.md:505-506 SKILL.md:506-507 SKILL.md:507-508 SKILL.md:508-509 SKILL.md:458 SKILL.md:465 SKILL.md:457-459 SKILL.md:464-466 SKILL.md:28 SKILL.md:29 SKILL.md:383 SKILL.md:384
📁 檔案系統存取 (8)
PLAN.md:44 PLAN.md:44 PLAN.md:176 SKILL.md:3 SKILL.md:3 SKILL.md:3 SKILL.md:217 SKILL.md:305

審計版本 3

安全

Jan 10, 2026, 11:31 AM

This is a pure prompt-based skill containing only documentation and instructions for using Intel's chipsec framework. No executable scripts, no network calls, no credential access, and no code execution capabilities. The skill is purely instructional content describing how to perform static firmware analysis.

2
已掃描檔案
869
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 2

安全

Jan 10, 2026, 11:31 AM

This is a pure prompt-based skill containing only documentation and instructions for using Intel's chipsec framework. No executable scripts, no network calls, no credential access, and no code execution capabilities. The skill is purely instructional content describing how to perform static firmware analysis.

2
已掃描檔案
869
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 1

安全

Jan 10, 2026, 11:31 AM

This is a pure prompt-based skill containing only documentation and instructions for using Intel's chipsec framework. No executable scripts, no network calls, no credential access, and no code execution capabilities. The skill is purely instructional content describing how to perform static firmware analysis.

2
已掃描檔案
869
分析行數
0
發現
claude
審計單位
未發現安全問題
← 回到技能