# Test IoT UART Consoles IoT hardware testing often requires reliable access to UART consoles. This skill provides serial connection workflows, logging guidance, and security test checklists for authorized assessments. ## Install ```bash npx skillstore add brownfinesecurity/iot-uart-console-picocom ``` ## Metadata - - Slug: brownfinesecurity-iot-uart-console-picocom - - Version: 1.0.0 - - Author: BrownFineSecurity - - GitHub username: BrownFineSecurity - - License: MIT - - Repository: https://github.com/BrownFineSecurity/picocom-claude-skill/tree/master/.claude/skills/picocom - - Ref: master - - Supported tools: Claude, Codex, Claude Code - - Risk level: high - - Risk factors: scripts, network, filesystem, external\_commands - - Quality score: 38 - - Quality tier: warning - - Public page: https://skillstore.pages.dev/skills/brownfinesecurity-iot-uart-console-picocom - - Manifest: https://skillstore.pages.dev/api/skills/brownfinesecurity-iot-uart-console-picocom/manifest ## Capabilities - Explains how to connect to UART devices with picocom and common baud rates. - Provides a Python helper for sending serial commands and reading console output. - Documents session logging methods for observing and preserving serial I/O. - Lists common IoT console prompts, BusyBox commands, and bootloader workflows. - Includes checklists for authorized enumeration, firmware review, and reporting. ## Use Cases - Authorized Hardware Assessment: Connect to a client-owned device, capture console output, and document exposed services or weak settings. - Firmware Lab Validation: Use UART access to inspect boot logs, shell behavior, and bootloader controls in a controlled lab. - Device Debugging Workflow: Set up repeatable serial logging and command execution while troubleshooting embedded Linux devices. ## Prompt Templates ### Connect to a UART Console ``` Help me connect to my authorized IoT device over UART using picocom. Ask for the serial device path and baud rate first. ``` ### Log a Serial Session ``` Create a safe workflow to log all UART console input and output for an authorized device assessment. ``` ### Enumerate Device State ``` Guide me through non-destructive UART enumeration for a device I own. Focus on identity, firmware version, services, and permissions. ``` ### Review Risky Test Steps ``` Review this UART test plan for destructive, persistence, credential access, or exfiltration steps before I run it in my lab. ``` ## Limitations - Requires physical UART access and compatible serial hardware. - Does not verify that the user has authorization for a target device. - Contains dual-use exploitation and persistence examples that need human oversight. - Can damage or alter devices if bootloader or filesystem commands are misused. ## Best Practices - Use this skill only on devices you own or have written permission to test. - Prefer read-only enumeration before modifying bootloader settings, files, or accounts. - Store UART logs securely because they can contain credentials, keys, and device secrets. ## Anti Patterns - Do not use persistence, reverse shell, or backdoor examples outside an approved lab scope. - Do not extract firmware, credentials, or keys from third-party devices without authorization. - Do not run bootloader or filesystem write commands without a recovery plan. ## Security Audit - - Safe to publish: false - - Audited at: 2026-06-28T18:03:55.816\+00:00 - - Summary: Static findings for command execution, filesystem access, network use, and credential access are largely true positives in the skill documentation. The content is framed as authorized IoT pentesting, so I did not find confirmed malicious intent, but it includes high-risk persistence, credential access, privilege escalation, and exfiltration guidance that is not safe for marketplace publication without substantial guardrails. ## Stats - - Views: 180 - - Downloads: 1 - - Favorites: 0 - - Popularity score: 0