技能 session-memory 審計紀錄
📦

審計紀錄

session-memory - 6 審計

審計版本 6

最新 中風險

Jun 28, 2026, 08:28 PM

Static command-execution, weak-crypto, reconnaissance, and obfuscation findings were false positives caused by Markdown backticks, plain text, and examples in SKILL.md. The meaningful risk is local persistence: the skill directs agents to read and write memory files that may contain sensitive project history if users record it.

1
已掃描檔案
209
分析行數
5
發現
codex
審計單位
中風險問題 (1)
Persistent Local Memory May Store Sensitive Context
The skill declares file write tools and directs agents to store session logs, decisions, patterns, and context under .claude/memory/. This is legitimate for continuity, but it can preserve secrets, private implementation details, or sensitive customer data if users include them in session history.
低風險問題 (3)
False Positive: Markdown Backticks Reported as Shell Execution
The static analyzer flagged many Markdown backticks as Ruby or shell execution. The reviewed lines are prose, file paths, fenced examples, and sample output, with no executable Ruby code or shell command invocation.
False Positive: Weak Cryptography and Obfuscation Signals
The high-risk weak cryptography and entropy alerts do not match the reviewed file. SKILL.md is readable Markdown with Japanese and English text, and no cryptographic algorithm, encoded payload, binary blob, or encrypted content was found.
False Positive: System Reconnaissance Trigger Phrase
The static system reconnaissance alert points to a user trigger phrase about prior work. It does not instruct the agent to inspect the host, enumerate system details, or collect environment information.

偵測到的模式

Local File Persistence

審計版本 5

安全

Jan 16, 2026, 08:12 PM

Pure documentation-based skill with no executable code. All patterns detected by static scanner are false positives: markdown code formatting backticks (not shell execution), legitimate metadata fields, and documentation examples. Original audit confirmed no network calls, command execution, or environment access.

2
已掃描檔案
381
分析行數
1
發現
claude
審計單位
未發現安全問題

審計版本 4

安全

Jan 16, 2026, 08:12 PM

Pure documentation-based skill with no executable code. All patterns detected by static scanner are false positives: markdown code formatting backticks (not shell execution), legitimate metadata fields, and documentation examples. Original audit confirmed no network calls, command execution, or environment access.

2
已掃描檔案
381
分析行數
1
發現
claude
審計單位
未發現安全問題

審計版本 3

安全

Jan 10, 2026, 12:27 PM

Pure documentation-based skill definition with no executable code. All file operations scoped to .claude/memory/ directory. No network calls, no command execution, no environment access. Legitimate purpose-aligned capabilities only.

1
已掃描檔案
209
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 2

安全

Jan 10, 2026, 12:27 PM

Pure documentation-based skill definition with no executable code. All file operations scoped to .claude/memory/ directory. No network calls, no command execution, no environment access. Legitimate purpose-aligned capabilities only.

1
已掃描檔案
209
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 1

安全

Jan 10, 2026, 12:27 PM

Pure documentation-based skill definition with no executable code. All file operations scoped to .claude/memory/ directory. No network calls, no command execution, no environment access. Legitimate purpose-aligned capabilities only.

1
已掃描檔案
209
分析行數
0
發現
claude
審計單位
未發現安全問題