Audit history

uv-package-manager - 4 audits

Audit version 4

Latest Safe

Jan 17, 2026, 08:41 AM

Documentation-only skill teaching uv package manager usage. Static findings detected shell pipe patterns and PowerShell commands which are the official installation methods from astral.sh. All detected patterns are standard documentation for legitimate software installation and represent false positives.

2
Files scanned
1,080
Lines analyzed
3
Findings
claude
Auditor
No security issues found

Risk factors

Audit version 3

Safe

Jan 17, 2026, 08:41 AM

Documentation-only skill teaching uv package manager usage. Static findings detected shell pipe patterns and PowerShell commands which are the official installation methods from astral.sh. All detected patterns are standard documentation for legitimate software installation and represent false positives.

2
Files scanned
1,080
Lines analyzed
3
Findings
claude
Auditor
No security issues found

Risk factors

Audit version 2

Critical

Jan 4, 2026, 04:39 PM

The skill documentation contains download-and-execute patterns (curl | sh and PowerShell remote execution) that pose security risks, along with shell profile modification commands that could be used for persistence.

4
Files scanned
860
Lines analyzed
4
Findings
claude
Auditor

Critical issues (3)

Download and execute installer script
The skill instructs users to run a remote script via shell pipe, which is a download-and-execute pattern: "curl -LsSf https://astral.sh/uv/install.sh | sh".
Download and execute PowerShell installer
The skill instructs users to execute a remote PowerShell script, which is a download-and-execute pattern: "powershell -c \"irm https://astral.sh/uv/install.ps1 | iex\"".
Shell profile modification
The skill suggests appending to a shell rc file, which is a persistence mechanism pattern: "echo 'export PATH=\"$HOME/.cargo/bin:$PATH\"' >> ~/.bashrc".

Risk factors

Detected patterns

curl pipe to shell installer
PowerShell remote execution
Shell profile modification

Audit version 1

Critical

Jan 4, 2026, 04:39 PM

The skill documentation contains download-and-execute patterns (curl | sh and PowerShell remote execution) that pose security risks, along with shell profile modification commands that could be used for persistence.

4
Files scanned
860
Lines analyzed
4
Findings
claude
Auditor

Critical issues (3)

Download and execute installer script
The skill instructs users to run a remote script via shell pipe, which is a download-and-execute pattern: "curl -LsSf https://astral.sh/uv/install.sh | sh".
Download and execute PowerShell installer
The skill instructs users to execute a remote PowerShell script, which is a download-and-execute pattern: "powershell -c \"irm https://astral.sh/uv/install.ps1 | iex\"".
Shell profile modification
The skill suggests appending to a shell rc file, which is a persistence mechanism pattern: "echo 'export PATH=\"$HOME/.cargo/bin:$PATH\"' >> ~/.bashrc".

Risk factors

Detected patterns

curl pipe to shell installer
PowerShell remote execution
Shell profile modification