📦

監査履歴

crack-hashcat - 6 監査

監査バージョン 6

最新 高リスク

Jun 28, 2026, 05:16 AM

Static analysis findings are largely true positives for dual-use credential access and password cracking workflows, including privileged hash extraction and cracked password handling. No evidence found of prompt injection, hidden exfiltration, or confirmed malicious intent, but the skill provides operational guidance that can enable unauthorized credential attacks if misused.

5
スキャンされたファイル
2,029
解析された行数
13
検出結果
codex
監査者

高リスクの問題 (3)

Privileged System Hash Extraction Guidance
The skill instructs users to extract hashes from Linux shadow files and Active Directory NTDS data before cracking them with Hashcat. This is a high-risk credential access workflow even though the surrounding text requires authorization.
Credential Cracking Workflows for Enterprise Targets
The skill covers NTLM, WPA2, web application hashes, and Kerberos service ticket cracking. These procedures are legitimate for audits but can also support credential compromise.
Cracked Password Disclosure and Export Guidance
The skill shows how to display and export cracked credentials. Mishandling this output can expose plaintext passwords and increase downstream account takeover risk.
中リスクの問題 (3)
Extensive Shell Command Guidance
Most external-command findings are true positives because the skill is command-driven and includes shell pipelines, file redirection, and helper scripts. The examples are user-run instructions rather than hidden execution by the skill itself.
Unsafe Installer Pattern in CI Template
The CI template includes a pipe-to-shell installer for tfsec. This pattern can execute remote content without local verification if copied into a workflow.
Bundled Generic Security Templates Add Unrelated Risk Surface
The asset and reference templates include vulnerable-code examples, environment-variable examples, API key handling, DOM injection examples, and CI filesystem access. These are mostly instructional false positives, but they increase audit noise and may be copied unsafely.
低リスクの問題 (2)
Hardcoded Documentation URLs
Hardcoded URLs in SKILL.md, rule templates, and CI templates point to public documentation or installer locations. They are expected reference links, except where combined with shell execution.
Weak Algorithm Mentions Are Mostly Contextual
MD5, SHA1, and NTLM appear because the skill identifies and audits weak or legacy hash types. Mentioning these algorithms is not itself insecure, but cracking them is sensitive dual-use activity.

リスク要因

⚙️ 外部コマンド (93)
assets/ci-config-template.yml:298 assets/ci-config-template.yml:301 assets/ci-config-template.yml:304 assets/ci-config-template.yml:307 assets/ci-config-template.yml:310 assets/ci-config-template.yml:134 assets/ci-config-template.yml:250 assets/ci-config-template.yml:291 references/EXAMPLE.md:54-74 references/EXAMPLE.md:74-95 references/EXAMPLE.md:95-108 references/EXAMPLE.md:108-111 references/EXAMPLE.md:111-118 references/EXAMPLE.md:118-122 references/EXAMPLE.md:122-129 references/EXAMPLE.md:129-135 references/EXAMPLE.md:135-151 references/EXAMPLE.md:151-154 references/EXAMPLE.md:154-162 references/EXAMPLE.md:162-296 references/EXAMPLE.md:296-306 references/EXAMPLE.md:306-309 references/EXAMPLE.md:309-318 references/EXAMPLE.md:318-333 references/EXAMPLE.md:333-342 references/EXAMPLE.md:342-346 references/EXAMPLE.md:346-354 references/EXAMPLE.md:354-358 references/EXAMPLE.md:358-361 references/EXAMPLE.md:361-371 references/EXAMPLE.md:371-404 references/EXAMPLE.md:404-414 references/EXAMPLE.md:414-447 references/EXAMPLE.md:447-451 references/EXAMPLE.md:451-472 references/EXAMPLE.md:472-476 references/EXAMPLE.md:476-537 references/WORKFLOW_CHECKLIST.md:74 SKILL.md:35-47 SKILL.md:47-78 SKILL.md:78-100 SKILL.md:100-106 SKILL.md:106-124 SKILL.md:124-131 SKILL.md:131-140 SKILL.md:140-143 SKILL.md:143-146 SKILL.md:146-149 SKILL.md:149-158 SKILL.md:158-161 SKILL.md:161-170 SKILL.md:170-173 SKILL.md:173-179 SKILL.md:179-182 SKILL.md:182-183 SKILL.md:183-184 SKILL.md:184-185 SKILL.md:185-186 SKILL.md:186-187 SKILL.md:187-193 SKILL.md:193-214 SKILL.md:214-220 SKILL.md:220-241 SKILL.md:241-247 SKILL.md:247-262 SKILL.md:262-268 SKILL.md:268-283 SKILL.md:283-327 SKILL.md:327-336 SKILL.md:336-340 SKILL.md:340-349 SKILL.md:349-353 SKILL.md:353-362 SKILL.md:362-366 SKILL.md:366-375 SKILL.md:375-379 SKILL.md:379-385 SKILL.md:385-391 SKILL.md:391-408 SKILL.md:408-412 SKILL.md:412-433 SKILL.md:433-440 SKILL.md:440-453 SKILL.md:453-458 SKILL.md:458-467 SKILL.md:416 SKILL.md:417 SKILL.md:418 SKILL.md:412-433 SKILL.md:392 SKILL.md:415 SKILL.md:120 SKILL.md:342
🌐 ネットワークアクセス (23)
📁 ファイルシステムへのアクセス (2)
🔑 環境変数 (27)
⚡ スクリプトを含む (2)

検出されたパターン

System Password File AccessWindows Domain Credential Material HandlingRemote Script Piped to Shell

監査バージョン 5

中リスク

Jan 16, 2026, 03:28 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

6
スキャンされたファイル
2,239
解析された行数
5
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

リスク要因

⚙️ 外部コマンド (93)
assets/ci-config-template.yml:298 assets/ci-config-template.yml:301 assets/ci-config-template.yml:304 assets/ci-config-template.yml:307 assets/ci-config-template.yml:310 assets/ci-config-template.yml:134 assets/ci-config-template.yml:250 assets/ci-config-template.yml:291 references/EXAMPLE.md:54-74 references/EXAMPLE.md:74-95 references/EXAMPLE.md:95-108 references/EXAMPLE.md:108-111 references/EXAMPLE.md:111-118 references/EXAMPLE.md:118-122 references/EXAMPLE.md:122-129 references/EXAMPLE.md:129-135 references/EXAMPLE.md:135-151 references/EXAMPLE.md:151-154 references/EXAMPLE.md:154-162 references/EXAMPLE.md:162-296 references/EXAMPLE.md:296-306 references/EXAMPLE.md:306-309 references/EXAMPLE.md:309-318 references/EXAMPLE.md:318-333 references/EXAMPLE.md:333-342 references/EXAMPLE.md:342-346 references/EXAMPLE.md:346-354 references/EXAMPLE.md:354-358 references/EXAMPLE.md:358-361 references/EXAMPLE.md:361-371 references/EXAMPLE.md:371-404 references/EXAMPLE.md:404-414 references/EXAMPLE.md:414-447 references/EXAMPLE.md:447-451 references/EXAMPLE.md:451-472 references/EXAMPLE.md:472-476 references/EXAMPLE.md:476-537 references/WORKFLOW_CHECKLIST.md:74 SKILL.md:35-47 SKILL.md:47-78 SKILL.md:78-100 SKILL.md:100-106 SKILL.md:106-124 SKILL.md:124-131 SKILL.md:131-140 SKILL.md:140-143 SKILL.md:143-146 SKILL.md:146-149 SKILL.md:149-158 SKILL.md:158-161 SKILL.md:161-170 SKILL.md:170-173 SKILL.md:173-179 SKILL.md:179-182 SKILL.md:182-183 SKILL.md:183-184 SKILL.md:184-185 SKILL.md:185-186 SKILL.md:186-187 SKILL.md:187-193 SKILL.md:193-214 SKILL.md:214-220 SKILL.md:220-241 SKILL.md:241-247 SKILL.md:247-262 SKILL.md:262-268 SKILL.md:268-283 SKILL.md:283-327 SKILL.md:327-336 SKILL.md:336-340 SKILL.md:340-349 SKILL.md:349-353 SKILL.md:353-362 SKILL.md:362-366 SKILL.md:366-375 SKILL.md:375-379 SKILL.md:379-385 SKILL.md:385-391 SKILL.md:391-408 SKILL.md:408-412 SKILL.md:412-433 SKILL.md:433-440 SKILL.md:440-453 SKILL.md:453-458 SKILL.md:458-467 SKILL.md:416 SKILL.md:417 SKILL.md:418 SKILL.md:412-433 SKILL.md:392 SKILL.md:415 SKILL.md:120 SKILL.md:342
🌐 ネットワークアクセス (23)
📁 ファイルシステムへのアクセス (2)
🔑 環境変数 (27)
⚡ スクリプトを含む (2)

検出されたパターン

Ruby/shell backtick executionShell command substitutionHardcoded URLNode.js fs operationsSynchronous file operationsGit platform tokensWindows SAM databasePipe to shell patternEnvironment variable access (dot notation)Environment variable objectPython environment accessGeneric API/secret keysEnvironment file accessWeak cryptographic algorithmSystem reconnaissancedocument.write injectioninnerHTML assignment (XSS risk)C2 keywordsNetwork reconnaissanceMalware type keywordsRansomware keywordsTemplate literal with command substitutionUnix shell invocationsudo privilege escalationSystem password file access[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

監査バージョン 4

中リスク

Jan 16, 2026, 03:28 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

6
スキャンされたファイル
2,239
解析された行数
5
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

リスク要因

⚙️ 外部コマンド (93)
assets/ci-config-template.yml:298 assets/ci-config-template.yml:301 assets/ci-config-template.yml:304 assets/ci-config-template.yml:307 assets/ci-config-template.yml:310 assets/ci-config-template.yml:134 assets/ci-config-template.yml:250 assets/ci-config-template.yml:291 references/EXAMPLE.md:54-74 references/EXAMPLE.md:74-95 references/EXAMPLE.md:95-108 references/EXAMPLE.md:108-111 references/EXAMPLE.md:111-118 references/EXAMPLE.md:118-122 references/EXAMPLE.md:122-129 references/EXAMPLE.md:129-135 references/EXAMPLE.md:135-151 references/EXAMPLE.md:151-154 references/EXAMPLE.md:154-162 references/EXAMPLE.md:162-296 references/EXAMPLE.md:296-306 references/EXAMPLE.md:306-309 references/EXAMPLE.md:309-318 references/EXAMPLE.md:318-333 references/EXAMPLE.md:333-342 references/EXAMPLE.md:342-346 references/EXAMPLE.md:346-354 references/EXAMPLE.md:354-358 references/EXAMPLE.md:358-361 references/EXAMPLE.md:361-371 references/EXAMPLE.md:371-404 references/EXAMPLE.md:404-414 references/EXAMPLE.md:414-447 references/EXAMPLE.md:447-451 references/EXAMPLE.md:451-472 references/EXAMPLE.md:472-476 references/EXAMPLE.md:476-537 references/WORKFLOW_CHECKLIST.md:74 SKILL.md:35-47 SKILL.md:47-78 SKILL.md:78-100 SKILL.md:100-106 SKILL.md:106-124 SKILL.md:124-131 SKILL.md:131-140 SKILL.md:140-143 SKILL.md:143-146 SKILL.md:146-149 SKILL.md:149-158 SKILL.md:158-161 SKILL.md:161-170 SKILL.md:170-173 SKILL.md:173-179 SKILL.md:179-182 SKILL.md:182-183 SKILL.md:183-184 SKILL.md:184-185 SKILL.md:185-186 SKILL.md:186-187 SKILL.md:187-193 SKILL.md:193-214 SKILL.md:214-220 SKILL.md:220-241 SKILL.md:241-247 SKILL.md:247-262 SKILL.md:262-268 SKILL.md:268-283 SKILL.md:283-327 SKILL.md:327-336 SKILL.md:336-340 SKILL.md:340-349 SKILL.md:349-353 SKILL.md:353-362 SKILL.md:362-366 SKILL.md:366-375 SKILL.md:375-379 SKILL.md:379-385 SKILL.md:385-391 SKILL.md:391-408 SKILL.md:408-412 SKILL.md:412-433 SKILL.md:433-440 SKILL.md:440-453 SKILL.md:453-458 SKILL.md:458-467 SKILL.md:416 SKILL.md:417 SKILL.md:418 SKILL.md:412-433 SKILL.md:392 SKILL.md:415 SKILL.md:120 SKILL.md:342
🌐 ネットワークアクセス (23)
📁 ファイルシステムへのアクセス (2)
🔑 環境変数 (27)
⚡ スクリプトを含む (2)

検出されたパターン

Ruby/shell backtick executionShell command substitutionHardcoded URLNode.js fs operationsSynchronous file operationsGit platform tokensWindows SAM databasePipe to shell patternEnvironment variable access (dot notation)Environment variable objectPython environment accessGeneric API/secret keysEnvironment file accessWeak cryptographic algorithmSystem reconnaissancedocument.write injectioninnerHTML assignment (XSS risk)C2 keywordsNetwork reconnaissanceMalware type keywordsRansomware keywordsTemplate literal with command substitutionUnix shell invocationsudo privilege escalationSystem password file access[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

監査バージョン 3

低リスク

Jan 10, 2026, 10:22 AM

Documentation-only skill containing guidance on Hashcat usage for authorized password auditing and forensic investigations. No executable code present. Risk is limited to potential misuse guidance, but the skill includes explicit authorization warnings and legal compliance notes.

5
スキャンされたファイル
2,029
解析された行数
0
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

監査バージョン 2

低リスク

Jan 10, 2026, 10:22 AM

Documentation-only skill containing guidance on Hashcat usage for authorized password auditing and forensic investigations. No executable code present. Risk is limited to potential misuse guidance, but the skill includes explicit authorization warnings and legal compliance notes.

5
スキャンされたファイル
2,029
解析された行数
0
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした

監査バージョン 1

低リスク

Jan 10, 2026, 10:22 AM

Documentation-only skill containing guidance on Hashcat usage for authorized password auditing and forensic investigations. No executable code present. Risk is limited to potential misuse guidance, but the skill includes explicit authorization warnings and legal compliance notes.

5
スキャンされたファイル
2,029
解析された行数
0
検出結果
claude
監査者
セキュリティ問題は見つかりませんでした