Scan report
5 /100
soc2-evidence-collector
Generate SOC2 evidence collection checklists, automate evidence gathering scripts, and produce audit-ready evidence packages across all 5 Trust Service Criteria.
The skill is a SOC2 evidence collection documentation tool with no executable code, scripts, or dependencies. The pre-scan IOC for base64 -d at SKILL.md:175 is a false positive — it is standard AWS API response handling in a legitimate documentation example.
Safe to install
Approve for use. The skill generates compliance documentation and example shell scripts for SOC2 audits. No malicious behavior detected.
Security findings: 1
| Severity | Finding | Location |
|---|---|---|
| Low | Document deception: sales promotional content | SKILL.md:278 |
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | SKILL.md declares Read as the primary interaction method for evidence gathering |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md contains bash script examples for AWS/GitHub evidence collection; Bash … |
| Network access | READ | READ | ✓ Consistent | Skill only documents AWS CLI and GitHub API calls for evidence collection; no ar… |
Pre-scan indicators: 1 critical · 3 findings
| Severity | Category | Indicator | Match | Location |
|---|---|---|---|---|
| Critical | Encoded execution | Base64 encoded execution (code obfuscation) | base64 -d | SKILL.md:175 |
| Medium | External URL | External URL | https://afrexai.com | README.md:48 |
| Info | Email | Email address | [email protected] | SKILL.md:278 |
Directory structure
2 files · 15.3 KB · 326 lines (Markdown: 2 files, 326 lines)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ Pure documentation skill — no executable code or scripts in the package
✓ No dependencies (no requirements.txt, package.json, Cargo.toml, etc.), eliminating supply chain risk
✓ The base64 -d usage is standard AWS credential report handling (aws iam generate-credential-report returns base64-encoded CSV)
✓ No credential harvesting or exfiltration — shell script examples only write to local soc2-evidence/ directories
✓ No references to sensitive paths (~/.ssh, ~/.aws, .env) except as part of legitimate AWS CLI command documentation
✓ Well-structured SKILL.md with clear evidence categories aligned to SOC2 Trust Service Criteria
✓ No obfuscation, eval(), or hidden instructions in HTML comments or elsewhere