Reza Rezvani 6453a29ecf fix(security-auditor): reduce false positives — whitelist plugin dirs, remove 'token' from exfil pattern
- Add .claude-plugin, .codex, .gemini to hidden file allowlist (FS-HIDDEN)
  These are required plugin infrastructure directories, not secrets.
- Remove 'tokens?' from PROMPT-EXFIL regex — 'access token' is a standard
  technical term in auth reference docs, causing false positives on every
  skill that documents JWT/OAuth flows (e.g. saas-scaffolder auth-billing-guide)
- Remaining PROMPT-EXFIL patterns (credentials, secrets, api_keys, .env, .ssh,
  .aws, ~/home, /etc) are specific enough to catch real threats

Fixes: CI security audit failure on PR #370 (7 CRITICAL false positives)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 15:43:37 +01:00