技能 jadx 審計紀錄
📦

審計紀錄

jadx - 6 審計

審計版本 6

最新 中風險

Jun 28, 2026, 06:09 PM

The static analyzer flagged many shell, secret, crypto, and reconnaissance terms, but review shows they are examples in a jadx usage guide. The confirmed risk is legitimate but sensitive external command guidance for decompiling APKs and searching extracted source, which requires authorization and careful path handling.

1
已掃描檔案
676
分析行數
5
發現
codex
審計單位
中風險問題 (1)
SKILL.md:53-65SKILL.md:319-342SKILL.md:408-417
External Command Guidance for APK Analysis
The skill instructs users to run jadx, grep, tee, and shell loops against APK files and generated output. This is expected for a jadx skill, but it can execute local commands and write files, so users must validate paths and only analyze authorized APKs.
低風險問題 (3)
SKILL.md:159-175SKILL.md:303-312
Secret and Environment Findings Are Search Patterns
The API key and related static matches appear inside grep patterns used to find secrets in decompiled Android applications. No evidence found that the skill reads local environment variables or exfiltrates secrets.
SKILL.md:169-170SKILL.md:623-632
Weak Crypto Findings Are Audit Keywords
The DES, MD5, and SHA1 matches are used as examples of insecure cryptography to search for during Android review. No evidence found that the skill implements or recommends weak cryptography.
SKILL.md:571-593SKILL.md:653-662
Network Scanning Reference Is Dual-Use Context
The skill mentions using nmap and other IoT tools after extracting device communication details. This is dual-use security guidance, but the skill also states that APK analysis should be authorized.

風險因素

⚙️ 外部命令 (6)
SKILL.md:53-65 SKILL.md:159-175 SKILL.md:319-342 SKILL.md:349-373 SKILL.md:408-417 SKILL.md:597-620

偵測到的模式

Shell Commands and Pipelines in Documentation

審計版本 5

安全

Jan 16, 2026, 08:03 PM

Pure documentation skill containing only instructional content for using jadx decompiler. No executable code, scripts, network calls, or file system access. All static findings are false positives - grep patterns teach finding credentials in analyzed apps, shell commands show legitimate jadx CLI usage, and keywords appear in standard documentation context.

2
已掃描檔案
855
分析行數
2
發現
claude
審計單位
未發現安全問題

風險因素

🔑 環境變數 (3)
SKILL.md:161 SKILL.md:311 SKILL.md:312
⚙️ 外部命令 (94)
SKILL.md:53-55 SKILL.md:55-58 SKILL.md:58-60 SKILL.md:60-63 SKILL.md:63-65 SKILL.md:65-71 SKILL.md:71-87 SKILL.md:87-94 SKILL.md:94-97 SKILL.md:97-100 SKILL.md:100-102 SKILL.md:102-105 SKILL.md:105-107 SKILL.md:107-112 SKILL.md:112-114 SKILL.md:114-121 SKILL.md:121-123 SKILL.md:123-131 SKILL.md:131-133 SKILL.md:133-139 SKILL.md:139-141 SKILL.md:141-147 SKILL.md:147-149 SKILL.md:149-159 SKILL.md:159-177 SKILL.md:177-182 SKILL.md:182-185 SKILL.md:185-188 SKILL.md:188-192 SKILL.md:192-195 SKILL.md:195-199 SKILL.md:199-202 SKILL.md:202-206 SKILL.md:206-209 SKILL.md:209-212 SKILL.md:212-217 SKILL.md:217-229 SKILL.md:229-232 SKILL.md:232-241 SKILL.md:241-244 SKILL.md:244-247 SKILL.md:247-252 SKILL.md:252-261 SKILL.md:261-266 SKILL.md:266-268 SKILL.md:268-303 SKILL.md:303-313 SKILL.md:313-319 SKILL.md:319-343 SKILL.md:343-349 SKILL.md:349-374 SKILL.md:374-378 SKILL.md:378-386 SKILL.md:386-390 SKILL.md:390-404 SKILL.md:404-408 SKILL.md:408-420 SKILL.md:420-426 SKILL.md:426-429 SKILL.md:429-431 SKILL.md:431-432 SKILL.md:432-436 SKILL.md:436-438 SKILL.md:438-439 SKILL.md:439-443 SKILL.md:443-447 SKILL.md:447-450 SKILL.md:450-454 SKILL.md:454-457 SKILL.md:457-492 SKILL.md:492-494 SKILL.md:494-499 SKILL.md:499-501 SKILL.md:501-506 SKILL.md:506-509 SKILL.md:509-512 SKILL.md:512-514 SKILL.md:514-519 SKILL.md:519-521 SKILL.md:521-525 SKILL.md:525-526 SKILL.md:526-528 SKILL.md:528-533 SKILL.md:533-536 SKILL.md:536-542 SKILL.md:542-546 SKILL.md:546-552 SKILL.md:552-555 SKILL.md:555-559 SKILL.md:559-569 SKILL.md:569-597 SKILL.md:597-621 SKILL.md:411 SKILL.md:408-420

審計版本 4

安全

Jan 16, 2026, 08:03 PM

Pure documentation skill containing only instructional content for using jadx decompiler. No executable code, scripts, network calls, or file system access. All static findings are false positives - grep patterns teach finding credentials in analyzed apps, shell commands show legitimate jadx CLI usage, and keywords appear in standard documentation context.

2
已掃描檔案
855
分析行數
2
發現
claude
審計單位
未發現安全問題

風險因素

🔑 環境變數 (3)
SKILL.md:161 SKILL.md:311 SKILL.md:312
⚙️ 外部命令 (94)
SKILL.md:53-55 SKILL.md:55-58 SKILL.md:58-60 SKILL.md:60-63 SKILL.md:63-65 SKILL.md:65-71 SKILL.md:71-87 SKILL.md:87-94 SKILL.md:94-97 SKILL.md:97-100 SKILL.md:100-102 SKILL.md:102-105 SKILL.md:105-107 SKILL.md:107-112 SKILL.md:112-114 SKILL.md:114-121 SKILL.md:121-123 SKILL.md:123-131 SKILL.md:131-133 SKILL.md:133-139 SKILL.md:139-141 SKILL.md:141-147 SKILL.md:147-149 SKILL.md:149-159 SKILL.md:159-177 SKILL.md:177-182 SKILL.md:182-185 SKILL.md:185-188 SKILL.md:188-192 SKILL.md:192-195 SKILL.md:195-199 SKILL.md:199-202 SKILL.md:202-206 SKILL.md:206-209 SKILL.md:209-212 SKILL.md:212-217 SKILL.md:217-229 SKILL.md:229-232 SKILL.md:232-241 SKILL.md:241-244 SKILL.md:244-247 SKILL.md:247-252 SKILL.md:252-261 SKILL.md:261-266 SKILL.md:266-268 SKILL.md:268-303 SKILL.md:303-313 SKILL.md:313-319 SKILL.md:319-343 SKILL.md:343-349 SKILL.md:349-374 SKILL.md:374-378 SKILL.md:378-386 SKILL.md:386-390 SKILL.md:390-404 SKILL.md:404-408 SKILL.md:408-420 SKILL.md:420-426 SKILL.md:426-429 SKILL.md:429-431 SKILL.md:431-432 SKILL.md:432-436 SKILL.md:436-438 SKILL.md:438-439 SKILL.md:439-443 SKILL.md:443-447 SKILL.md:447-450 SKILL.md:450-454 SKILL.md:454-457 SKILL.md:457-492 SKILL.md:492-494 SKILL.md:494-499 SKILL.md:499-501 SKILL.md:501-506 SKILL.md:506-509 SKILL.md:509-512 SKILL.md:512-514 SKILL.md:514-519 SKILL.md:519-521 SKILL.md:521-525 SKILL.md:525-526 SKILL.md:526-528 SKILL.md:528-533 SKILL.md:533-536 SKILL.md:536-542 SKILL.md:542-546 SKILL.md:546-552 SKILL.md:552-555 SKILL.md:555-559 SKILL.md:559-569 SKILL.md:569-597 SKILL.md:597-621 SKILL.md:411 SKILL.md:408-420

審計版本 3

安全

Jan 10, 2026, 11:35 AM

Pure prompt-based skill containing only documentation. No executable code, scripts, network calls, or file system access. Provides instructional guidance for using the external jadx decompiler tool.

1
已掃描檔案
676
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 2

安全

Jan 10, 2026, 11:35 AM

Pure prompt-based skill containing only documentation. No executable code, scripts, network calls, or file system access. Provides instructional guidance for using the external jadx decompiler tool.

1
已掃描檔案
676
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 1

安全

Jan 10, 2026, 11:35 AM

Pure prompt-based skill containing only documentation. No executable code, scripts, network calls, or file system access. Provides instructional guidance for using the external jadx decompiler tool.

1
已掃描檔案
676
分析行數
0
發現
claude
審計單位
未發現安全問題
← 回到技能