
Audit History

openalex-database - 4 audits

Audit version 4

Latest, Safe

Jan 17, 2026, 06:49 AM

All 337 static findings are false positives. The 'external_commands' detections are markdown code block delimiters (```) in documentation, not shell backticks. 'Weak cryptographic algorithm' flags are triggered by substring matches in URL parameters like 'sample=' and 'seed=' - no crypto code exists. 'System reconnaissance' flags are database sampling parameters. No actual security vulnerabilities present. This is a legitimate scholarly API client accessing the public OpenAlex database.

Files scanned: 6
Lines analyzed: 2,126
Findings: 1
Auditor: claude
No security issues found

Audit version 3

Safe

Jan 17, 2026, 06:49 AM

All 337 static findings are false positives. The 'external_commands' detections are markdown code block delimiters (```) in documentation, not shell backticks. 'Weak cryptographic algorithm' flags are triggered by substring matches in URL parameters like 'sample=' and 'seed=' - no crypto code exists. 'System reconnaissance' flags are database sampling parameters. No actual security vulnerabilities present. This is a legitimate scholarly API client accessing the public OpenAlex database.

Files scanned: 6
Lines analyzed: 2,126
Findings: 1
Auditor: claude
No security issues found

Audit version 2

Safe

Jan 12, 2026, 04:15 PM

Static analysis flagged false positives. The 'weak cryptographic algorithm' findings relate to API sampling parameters, not crypto. The 'external_commands' findings are documentation examples in bash code blocks, not executable code. No actual security vulnerabilities detected.

Files scanned: 5
Lines analyzed: 1,893
Findings: 1
Auditor: claude
No security issues found

Audit version 1

Low risk

Jan 4, 2026, 05:22 PM

Legitimate OpenAlex API client with network access limited to documented endpoints. No credential harvesting, environment harvesting, or persistence behaviors detected. Python scripts perform standard HTTP requests to api.openalex.org.

Files scanned: 8
Lines analyzed: 2,145
Findings: 2
Auditor: claude
No security issues found