Audit log
maintenance - 6 audits
Audit version 6
Latest: Medium risk, Jun 28, 2026, 08:07 PM
Static analysis reported many command-execution, filesystem, weak-crypto, and entropy findings. Review found no malicious payload, network access, credential handling, or prompt-injection text, but the skill intentionally allows Bash and file editing for project cleanup, so it should publish with a medium-risk warning.
Medium-risk issues (2)
Low-risk issues (2)
Risk factors
Detected patterns
Audit version 5
Low risk, Jan 16, 2026, 07:53 PM
All 60 static findings are FALSE POSITIVES. The flagged code exists in documentation files (auto-cleanup/doc.md), not executable code. Bash command examples use hardcoded strings with no user input. The YAML frontmatter '---' was misidentified as weak cryptography. This is a benign file cleanup utility for managing Plans.md, session-log.md, and CLAUDE.md.
Audit version 4
Low risk, Jan 16, 2026, 07:53 PM
All 60 static findings are FALSE POSITIVES. The flagged code exists in documentation files (auto-cleanup/doc.md), not executable code. Bash command examples use hardcoded strings with no user input. The YAML frontmatter '---' was misidentified as weak cryptography. This is a benign file cleanup utility for managing Plans.md, session-log.md, and CLAUDE.md.
Audit version 3
Low risk, Jan 10, 2026, 12:14 PM
This is a file cleanup utility skill with minimal risk. It uses bash scripts for standard file operations (read, write, move) on project documentation files. No network access, no credential exposure, and no persistence mechanisms detected. The skill operates within its documented scope of cleaning Plans.md, session-log.md, and CLAUDE.md files.
Audit version 2
Low risk, Jan 10, 2026, 12:14 PM
This is a file cleanup utility skill with minimal risk. It uses bash scripts for standard file operations (read, write, move) on project documentation files. No network access, no credential exposure, and no persistence mechanisms detected. The skill operates within its documented scope of cleaning Plans.md, session-log.md, and CLAUDE.md files.
Audit version 1
Low risk, Jan 10, 2026, 12:14 PM
This is a file cleanup utility skill with minimal risk. It uses bash scripts for standard file operations (read, write, move) on project documentation files. No network access, no credential exposure, and no persistence mechanisms detected. The skill operates within its documented scope of cleaning Plans.md, session-log.md, and CLAUDE.md files.