Audit records
session-memory - 6 audits
Audit version 6
Latest, Medium risk, Jun 28, 2026, 08:28 PM
Static command-execution, weak-crypto, reconnaissance, and obfuscation findings were false positives caused by Markdown backticks, plain text, and examples in SKILL.md. The meaningful risk is local persistence: the skill directs agents to read and write memory files that may contain sensitive project history if users record it.
Medium-risk issues (1)
Low-risk issues (3)
Risk factors
📁 File system access (4)
Detected patterns
Audit version 5
Safe, Jan 16, 2026, 08:12 PM
Pure documentation-based skill with no executable code. All patterns detected by static scanner are false positives: markdown code formatting backticks (not shell execution), legitimate metadata fields, and documentation examples. Original audit confirmed no network calls, command execution, or environment access.
Risk factors
⚙️ External commands (40)
Audit version 4
Safe, Jan 16, 2026, 08:12 PM
Pure documentation-based skill with no executable code. All patterns detected by static scanner are false positives: markdown code formatting backticks (not shell execution), legitimate metadata fields, and documentation examples. Original audit confirmed no network calls, command execution, or environment access.
Risk factors
⚙️ External commands (40)
Audit version 3
Safe, Jan 10, 2026, 12:27 PM
Pure documentation-based skill definition with no executable code. All file operations scoped to .claude/memory/ directory. No network calls, no command execution, no environment access. Legitimate purpose-aligned capabilities only.
Audit version 2
Safe, Jan 10, 2026, 12:27 PM
Pure documentation-based skill definition with no executable code. All file operations scoped to .claude/memory/ directory. No network calls, no command execution, no environment access. Legitimate purpose-aligned capabilities only.
Audit version 1
Safe, Jan 10, 2026, 12:27 PM
Pure documentation-based skill definition with no executable code. All file operations scoped to .claude/memory/ directory. No network calls, no command execution, no environment access. Legitimate purpose-aligned capabilities only.