<< Back to security report
Repositoryastoreyai/claude-skills →
Commitf1ca9b3 →
VerdictFAIL
Score65
DateMay 23, 2026
| Severity | Rule | Message | File:Line |
|---|---|---|---|
| MEDIUM | python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected | Detected a dynamic value being used with urllib. urllib supports 'file://' schemes, so a dynamic value controlled by a malicious actor may allow them to read arbitrary files. Audit uses of urllib calls to ensure user data cannot control the URLs, or consider using the 'requests' library instead. | astoreyai/claude-skills/session-initializer-dcdeddad/skills/worklog/post_to_discord.py:121 → |
| HIGH | python.lang.security.audit.subprocess-shell-true.subprocess-shell-true | Found 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead. | astoreyai/claude-skills/session-initializer-dcdeddad/system-health-check/system_health_agent.py:43 → |
| HIGH | python.lang.security.audit.subprocess-shell-true.subprocess-shell-true | Found 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead. | astoreyai/claude-skills/session-initializer-dcdeddad/system-health-check/system_health_agent.py:351 → |