Skill security audit log

Audit log

security - 6 audits

Audit version 6

Latest: Low risk

Jun 28, 2026, 06:14 PM

Static analysis flagged a command block and two weak-cryptography patterns. The command block is documented guidance for local security tools, while the weak-cryptography matches are false positives in descriptive security text.

Files scanned: 1
Lines analyzed: 72
Findings: 3
Audited by: codex

Low-risk issues (2)
Documented External Security Commands
The skill lists local commands for GPG, SSH, git signing, Bandit, pip-audit, Safety, and Semgrep. These are not auto-executed by the skill, but users should review commands before running them in a project.
Weak Cryptography Static Matches Are False Positives
The static weak-cryptography findings point to general security prose and an OWASP item about insecure deserialization. No weak cryptographic algorithm or implementation guidance is present at these locations.

Risk factors

⚙️ External commands (1)

Detected patterns

External Command Guidance

Audit version 5

Safe

Jan 16, 2026, 08:48 PM

This is a documentation-only skill containing no executable code. Both SKILL.md are metadata and documentation files that describe security workflows and list example bash commands as documentation. No file system access, network calls, or code execution capabilities exist. All 12 static findings are FALSE POSITIVES caused by the scanner misidentifying documentation keywords as security vulnerabilities.

Files scanned: 2
Lines analyzed: 250
Findings: 1
Audited by: claude

No security issues found

Risk factors

⚙️ External commands (1)

Audit version 4

Safe

Jan 16, 2026, 08:48 PM

This is a documentation-only skill containing no executable code. Both SKILL.md are metadata and documentation files that describe security workflows and list example bash commands as documentation. No file system access, network calls, or code execution capabilities exist. All 12 static findings are FALSE POSITIVES caused by the scanner misidentifying documentation keywords as security vulnerabilities.

Files scanned: 2
Lines analyzed: 250
Findings: 1
Audited by: claude

No security issues found

Risk factors

⚙️ External commands (1)

Audit version 3

Safe

Jan 10, 2026, 11:40 AM

This is a documentation-only skill containing no executable code. The SKILL.md file describes security workflows and lists command examples as documentation. It references standard security tools (GPG, SSH, Bandit, pip-audit, Safety, Semgrep) that users run directly. No file system access, network calls, or code execution capabilities are present.

Files scanned: 1
Lines analyzed: 67
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 11:40 AM

This is a documentation-only skill containing no executable code. The SKILL.md file describes security workflows and lists command examples as documentation. It references standard security tools (GPG, SSH, Bandit, pip-audit, Safety, Semgrep) that users run directly. No file system access, network calls, or code execution capabilities are present.

Files scanned: 1
Lines analyzed: 67
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 11:40 AM

This is a documentation-only skill containing no executable code. The SKILL.md file describes security workflows and lists command examples as documentation. It references standard security tools (GPG, SSH, Bandit, pip-audit, Safety, Semgrep) that users run directly. No file system access, network calls, or code execution capabilities are present.

Files scanned: 1
Lines analyzed: 67
Findings: 0
Audited by: claude

No security issues found