審計紀錄
wsdiscovery - 6 審計
審計版本 6
最新 中風險Jun 28, 2026, 05:18 PM
The static external-command findings are partly true because the skill instructs an agent to run the wsdiscovery command against user-provided hosts. The hardcoded IP addresses are documentation examples, and the weak-cryptography alert at SKILL.md line 3 is a false positive with no matching cryptographic code. This is a legitimate but dual-use network discovery skill and should be published with an authorization warning.
中風險問題 (2)
低風險問題 (2)
風險因素
偵測到的模式
審計版本 5
低風險Jan 16, 2026, 08:18 PM
Pure prompt-based skill that provides instructions for using the external wsdiscovery CLI tool. No executable code, no network calls, no filesystem access. The static analyzer produced false positives by misinterpreting JSON metadata and markdown documentation as code patterns. All reported findings are false positives from documentation, not actual security risks.
審計版本 4
低風險Jan 16, 2026, 08:18 PM
Pure prompt-based skill that provides instructions for using the external wsdiscovery CLI tool. No executable code, no network calls, no filesystem access. The static analyzer produced false positives by misinterpreting JSON metadata and markdown documentation as code patterns. All reported findings are false positives from documentation, not actual security risks.
審計版本 3
低風險Jan 10, 2026, 11:44 AM
Pure prompt-based skill with no executable code. This skill only provides instructions for an AI to help users use the external wsdiscovery command-line tool. No network calls, filesystem access, or code execution are performed by the skill itself. The actual scanning capability depends on the external wsdiscovery binary being installed separately.
審計版本 2
低風險Jan 10, 2026, 11:44 AM
Pure prompt-based skill with no executable code. This skill only provides instructions for an AI to help users use the external wsdiscovery command-line tool. No network calls, filesystem access, or code execution are performed by the skill itself. The actual scanning capability depends on the external wsdiscovery binary being installed separately.
審計版本 1
低風險Jan 10, 2026, 11:44 AM
Pure prompt-based skill with no executable code. This skill only provides instructions for an AI to help users use the external wsdiscovery command-line tool. No network calls, filesystem access, or code execution are performed by the skill itself. The actual scanning capability depends on the external wsdiscovery binary being installed separately.