
Audit history

pentest-metasploit - 6 audits

Audit version 6

Latest, High risk

Jun 28, 2026, 05:47 AM

Static findings are mostly true positives for a high-risk dual-use Metasploit skill: it contains operational exploit, payload, post-exploitation, credential access, pivoting, and evasion guidance. Several template and reference detections are false positives because they are security-rule examples or CI documentation, and no prompt-injection evidence was found. The skill is not blocked as confirmed malicious because it repeatedly requires authorization, but it is not safe for general publication.

Files scanned: 5
Lines analyzed: 1,975
Findings: 15
Auditor: codex

High-risk issues (4)

Operational Metasploit Exploitation Guidance
TRUE POSITIVE: The skill provides executable Metasploit workflows for target enumeration, exploit selection, payload configuration, and exploit execution. This is legitimate for authorized testing, but it directly enables compromise if used outside scope.
Credential Access, Persistence, and Privilege Escalation Workflows
TRUE POSITIVE: The skill names post-exploitation modules for password hash extraction, stored credential collection, persistence, privilege escalation, and UAC bypass. These are high-risk actions even when described as authorized activities.
Phishing Payload, Pivoting, and Evasion Examples
TRUE POSITIVE: The skill includes malicious document generation, reverse Meterpreter handlers, SOCKS pivoting, proxychains scanning, and payload evasion guidance. These workflows can support intrusion operations if misused.
C2 Framework Integration References
TRUE POSITIVE: The skill references exporting sessions to Cobalt Strike beacons and handoff to PowerShell Empire. This expands the workflow toward command-and-control tooling, which is high-risk dual-use content.
Medium-risk issues (3)
CI Template Uses Pipe to Shell Installer
TRUE POSITIVE: The CI template pipes a remote install script into a shell. This is a supply-chain risk because remote content can change before execution, although it appears to be a reusable security pipeline template rather than hidden behavior.
Network Scanning and Internal Pivoting Commands
TRUE POSITIVE: The skill includes nmap-backed database enumeration, SMB scanning, autoroute, and proxychains examples. These are expected in penetration testing, but they can affect unauthorized systems if scope controls fail.
Template Environment and Filesystem Access Are Mostly Benign
FALSE POSITIVE WITH RESIDUAL RISK: The flagged GitHub token, environment variable, and file reads are used in CI, security-rule, or reference examples. They do not show secret exfiltration, but users should review copied templates before use.
Low-risk issues (3)
Security Rule Examples Trigger Static Patterns
FALSE POSITIVE: The hardcoded-secret, weak-crypto, and XSS detections in the rule template and reference document are examples of vulnerable code used for security education and detection-rule authoring.
Reference Template Reconnaissance Terms Are Contextual
FALSE POSITIVE: Some reconnaissance, malware, and incident-response terms appear in generic workflow templates. They describe defensive documentation patterns rather than executable intrusion instructions.
No Prompt Injection Evidence Found
FALSE POSITIVE CHECK: Targeted review found no text claiming system authority, asking the evaluator to ignore instructions, or claiming the skill is pre-approved. No evidence found for prompt injection.

Risk factors

⚙️ External commands (85)
assets/ci-config-template.yml:298 assets/ci-config-template.yml:301 assets/ci-config-template.yml:304 assets/ci-config-template.yml:307 assets/ci-config-template.yml:310 assets/ci-config-template.yml:134 assets/ci-config-template.yml:250 assets/ci-config-template.yml:291 references/EXAMPLE.md:54-74 references/EXAMPLE.md:74-95 references/EXAMPLE.md:95-108 references/EXAMPLE.md:108-111 references/EXAMPLE.md:111-118 references/EXAMPLE.md:118-122 references/EXAMPLE.md:122-129 references/EXAMPLE.md:129-135 references/EXAMPLE.md:135-151 references/EXAMPLE.md:151-154 references/EXAMPLE.md:154-162 references/EXAMPLE.md:162-296 references/EXAMPLE.md:296-306 references/EXAMPLE.md:306-309 references/EXAMPLE.md:309-318 references/EXAMPLE.md:318-333 references/EXAMPLE.md:333-342 references/EXAMPLE.md:342-346 references/EXAMPLE.md:346-354 references/EXAMPLE.md:354-358 references/EXAMPLE.md:358-361 references/EXAMPLE.md:361-371 references/EXAMPLE.md:371-404 references/EXAMPLE.md:404-414 references/EXAMPLE.md:414-447 references/EXAMPLE.md:447-451 references/EXAMPLE.md:451-472 references/EXAMPLE.md:472-476 references/EXAMPLE.md:476-537 references/WORKFLOW_CHECKLIST.md:74 SKILL.md:36-48 SKILL.md:48-79 SKILL.md:79-83 SKILL.md:83-87 SKILL.md:87-91 SKILL.md:91-97 SKILL.md:97-101 SKILL.md:101-113 SKILL.md:113-127 SKILL.md:127-133 SKILL.md:133-142 SKILL.md:142-154 SKILL.md:154-176 SKILL.md:176-179 SKILL.md:179-180 SKILL.md:180-181 SKILL.md:181-182 SKILL.md:182-188 SKILL.md:188-199 SKILL.md:199-202 SKILL.md:202-203 SKILL.md:203-204 SKILL.md:204-205 SKILL.md:205-211 SKILL.md:211-223 SKILL.md:223-227 SKILL.md:227-233 SKILL.md:233-276 SKILL.md:276-282 SKILL.md:282-286 SKILL.md:286-293 SKILL.md:293-297 SKILL.md:297-311 SKILL.md:311-315 SKILL.md:315-322 SKILL.md:322-330 SKILL.md:330-344 SKILL.md:344-348 SKILL.md:348-377 SKILL.md:377-390 SKILL.md:390-400 SKILL.md:400-411 SKILL.md:411-416 SKILL.md:416-430 SKILL.md:350 SKILL.md:444 SKILL.md:38
🌐 Network access (25)
📁 Filesystem access (2)
🔑 Environment variables (27)
⚡ Contains scripts (2)

Detected patterns

Exploit and Payload Execution Commands
Credential Dumping and Persistence Modules
Payload Evasion and C2-Oriented Integration
Remote Script Piped to Shell in CI Template

Audit version 5

Low risk

Jan 16, 2026, 03:47 PM

This is a pure documentation skill providing Metasploit Framework guidance. Contains no executable code, scripts, or network operations. All static findings are false positives - the scanner detects security tool names and techniques in educational documentation that would only be dangerous if executed. The skill emphasizes legal compliance and authorization requirements throughout.

Files scanned: 6
Lines analyzed: 2,189
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚙️ External commands (85)
🌐 Network access (25)
📁 Filesystem access (2)
🔑 Environment variables (27)
⚡ Contains scripts (2)

Audit version 4

Low risk

Jan 16, 2026, 03:47 PM

This is a pure documentation skill providing Metasploit Framework guidance. Contains no executable code, scripts, or network operations. All static findings are false positives - the scanner detects security tool names and techniques in educational documentation that would only be dangerous if executed. The skill emphasizes legal compliance and authorization requirements throughout.

Files scanned: 6
Lines analyzed: 2,189
Findings: 5
Auditor: claude
No security issues found

Risk factors

⚙️ External commands (85)
🌐 Network access (25)
📁 Filesystem access (2)
🔑 Environment variables (27)
⚡ Contains scripts (2)

Audit version 3

Safe

Jan 10, 2026, 10:50 AM

Pure documentation skill providing Metasploit Framework guidance. Contains no executable code, scripts, or network operations. All content is educational documentation for authorized security testing with strong emphasis on legal compliance and authorization requirements.

Files scanned: 5
Lines analyzed: 1,446
Findings: 0
Auditor: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:50 AM

Pure documentation skill providing Metasploit Framework guidance. Contains no executable code, scripts, or network operations. All content is educational documentation for authorized security testing with strong emphasis on legal compliance and authorization requirements.

Files scanned: 5
Lines analyzed: 1,446
Findings: 0
Auditor: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:50 AM

Pure documentation skill providing Metasploit Framework guidance. Contains no executable code, scripts, or network operations. All content is educational documentation for authorized security testing with strong emphasis on legal compliance and authorization requirements.

Files scanned: 5
Lines analyzed: 1,446
Findings: 0
Auditor: claude
No security issues found