Skill: packmol - audit log

Audit log

packmol - 6 audits

Audit version 6

Latest: Medium risk

Jun 28, 2026, 10:10 PM

The static analyzer reported many high-risk patterns, but review shows most are false positives from markdown code fences, Packmol keywords, relative documentation links, and scientific terms. The confirmed security-relevant behavior is limited to local helper scripts that write user-selected files and optionally run the local packmol binary without a shell.

Files scanned: 22
Lines analyzed: 6,746
Findings: 8
Auditor: codex

Medium-risk issues (2)
Optional Local Packmol Execution
scripts/solvate_helper.py can run the local packmol executable when the user passes the run option. The subprocess uses a fixed argv list and no shell, so command injection was not confirmed, but it still executes a local external program and should be disclosed.
User-Selected File Writes
The helper scripts write generated Packmol input content to paths supplied by the user. This is expected functionality, but it can overwrite local files if invoked with an unsafe output path.
Low-risk issues (3)
Markdown Backtick Findings Are False Positives
Most external command findings point to markdown code fences and inline Packmol examples rather than Ruby or shell backtick execution. These examples document commands like installing Packmol or running Packmol input files.
Documentation Links Are Not Network Code
Hardcoded URL findings are documentation resources for Packmol guides, examples, and issue trackers. No runtime network request code was found in the reviewed scripts.
Relative Path References Are Documentation Links
Path traversal findings point to relative markdown links such as references to parent directories. They do not demonstrate file reads or writes outside an intended directory.

Detected patterns

Subprocess Execution Without Shell; Local Output File Creation

Audit version 5

Safe

Jan 16, 2026, 07:52 PM

Legitimate scientific tool for molecular dynamics simulation preparation. Static analyzer flagged documentation examples and coordinate syntax as security issues. All findings are false positives: README command examples were misidentified as shell execution, molecular coordinates were flagged as path traversal, and the random seed parameter was misidentified as cryptography. No malicious intent, credential access, or data exfiltration detected.

Files scanned: 23
Lines analyzed: 7,152
Findings: 2
Auditor: claude

No security issues found

Audit version 4

Safe

Jan 16, 2026, 07:52 PM

Legitimate scientific tool for molecular dynamics simulation preparation. Static analyzer flagged documentation examples and coordinate syntax as security issues. All findings are false positives: README command examples were misidentified as shell execution, molecular coordinates were flagged as path traversal, and the random seed parameter was misidentified as cryptography. No malicious intent, credential access, or data exfiltration detected.

Files scanned: 23
Lines analyzed: 7,152
Findings: 2
Auditor: claude

No security issues found

Audit version 3

Low risk

Jan 10, 2026, 12:11 PM

Legitimate scientific tool for molecular dynamics simulations. Contains 6 Python helper scripts that read/write local PDB files and optionally execute the packmol binary. No network calls or credential access detected. Safe for publication.

Files scanned: 20
Lines analyzed: 4,173
Findings: 2
Auditor: claude

No security issues found

Audit version 2

Low risk

Jan 10, 2026, 12:11 PM

Legitimate scientific tool for molecular dynamics simulations. Contains 6 Python helper scripts that read/write local PDB files and optionally execute the packmol binary. No network calls or credential access detected. Safe for publication.

Files scanned: 20
Lines analyzed: 4,173
Findings: 2
Auditor: claude

No security issues found

Audit version 1

Low risk

Jan 10, 2026, 12:11 PM

Legitimate scientific tool for molecular dynamics simulations. Contains 6 Python helper scripts that read/write local PDB files and optionally execute the packmol binary. No network calls or credential access detected. Safe for publication.

Files scanned: 20
Lines analyzed: 4,173
Findings: 2
Auditor: claude

No security issues found