技能 drugbank-database 審計歷史
💊

審計歷史

drugbank-database - 4 審計

審計版本 4

最新 安全

Jan 17, 2026, 06:51 AM

This is a legitimate scientific skill for accessing the DrugBank bioinformatics database. All 353 static findings are FALSE POSITIVES caused by the analyzer misinterpreting Markdown code block syntax and bioinformatics terminology. The skill uses the official drugbank-downloader package for authenticated access to a recognized public database. No actual security risks were identified after manual evaluation.

8
已掃描檔案
2,964
分析行數
4
發現項
claude
審計者
未發現安全問題

風險因素

⚙️ 外部命令 (3)
SKILL.md:21-24 references/data-access.md:14-17 references/chemical-analysis.md:17-47
🌐 網路存取 (2)
references/data-access.md:148 references/chemical-analysis.md:23
📁 檔案系統存取 (2)
references/data-access.md:20 scripts/drugbank_helper.py:188-189
🔑 環境變數 (1)
references/data-access.md:14-16

審計版本 3

安全

Jan 17, 2026, 06:51 AM

This is a legitimate scientific skill for accessing the DrugBank bioinformatics database. All 353 static findings are FALSE POSITIVES caused by the analyzer misinterpreting Markdown code block syntax and bioinformatics terminology. The skill uses the official drugbank-downloader package for authenticated access to a recognized public database. No actual security risks were identified after manual evaluation.

8
已掃描檔案
2,964
分析行數
4
發現項
claude
審計者
未發現安全問題

風險因素

⚙️ 外部命令 (3)
SKILL.md:21-24 references/data-access.md:14-17 references/chemical-analysis.md:17-47
🌐 網路存取 (2)
references/data-access.md:148 references/chemical-analysis.md:23
📁 檔案系統存取 (2)
references/data-access.md:20 scripts/drugbank_helper.py:188-189
🔑 環境變數 (1)
references/data-access.md:14-16

審計版本 2

安全

Jan 12, 2026, 04:28 PM

This is a legitimate scientific skill for accessing the DrugBank bioinformatics database. All 342 static findings are FALSE POSITIVES caused by the analyzer misinterpreting Markdown code block syntax and bioinformatics terminology. The skill uses the official drugbank-downloader package for authenticated access to a recognized public database.

7
已掃描檔案
2,707
分析行數
3
發現項
claude
審計者
未發現安全問題

風險因素

⚙️ 外部命令 (1)
references/chemical-analysis.md:17-47
🌐 網路存取 (1)
references/chemical-analysis.md:23
📁 檔案系統存取 (1)
references/data-access.md:20

審計版本 1

低風險

Jan 4, 2026, 05:15 PM

The skill is documentation and a local XML helper script. It includes example API calls and local caching paths, which introduce limited network and filesystem exposure when used. The helper script only parses XML data with no network calls, command execution, or credential theft.

10
已掃描檔案
2,960
分析行數
5
發現項
claude
審計者
低風險問題 (2)
references/data-access.md:144-152
API requests transmit data to DrugBank
Documentation includes REST API examples: `url = f"https://go.drugbank.com/drugs/{drug_id}.json"` and `response = requests.get(url, headers=headers)`. This sends API credentials over the network when using the DrugBank API.
references/data-access.md:124-129references/data-access.md:177-189
Cache writes to user home directory
Examples write cached data in user home: `drugbank_dir = Path.home() / '.data' / 'drugbank'` and `with open(cache_file, 'wb') as f:`. This writes outside the skill directory for data caching.

風險因素

⚡ 包含腳本 (1)
scripts/drugbank_helper.py:1-351
🌐 網路存取 (1)
references/data-access.md:142-159
📁 檔案系統存取 (2)
references/data-access.md:119-130 references/data-access.md:169-190
← 返回技能