
Audit History

picocom - 5 audits

Audit version 5

Medium Risk (Latest)

Jan 16, 2026, 08:12 PM

Legitimate IoT security testing tool. The static analysis flagged 664 patterns but these are FALSE POSITIVES - documentation of standard pentesting commands to run on TARGET DEVICES, not malicious host behavior. The only actual code (serial_helper.py) has one controlled subprocess feature for trigger scripts with 30-second timeout. Authorization requirements are documented. Safe for marketplace.

Files scanned: 5
Lines analyzed: 2,863
Findings: 5
Audited by: claude
Medium Risk Issues (1)
Controlled subprocess execution in monitor mode
The serial_helper.py script can execute external trigger scripts via subprocess.run with shell=True (lines 593-618). This is a documented feature for pentesting workflows where users trigger external events while monitoring UART output. The capability is user-controlled via --trigger-script argument, has a 30-second timeout limit, and requires explicit invocation.
Low Risk Issues (1)
File operations for logging
The script opens log files for writing session data and reads script files for batch command execution. Standard file operations for a serial communication tool. Log files can contain sensitive session data.

Audit version 4

Medium Risk

Jan 16, 2026, 08:12 PM

Legitimate IoT security testing tool. The static analysis flagged 664 patterns but these are FALSE POSITIVES - documentation of standard pentesting commands to run on TARGET DEVICES, not malicious host behavior. The only actual code (serial_helper.py) has one controlled subprocess feature for trigger scripts with 30-second timeout. Authorization requirements are documented. Safe for marketplace.

Files scanned: 5
Lines analyzed: 2,863
Findings: 5
Audited by: claude
Medium Risk Issues (1)
Controlled subprocess execution in monitor mode
The serial_helper.py script can execute external trigger scripts via subprocess.run with shell=True (lines 593-618). This is a documented feature for pentesting workflows where users trigger external events while monitoring UART output. The capability is user-controlled via --trigger-script argument, has a 30-second timeout limit, and requires explicit invocation.
Low Risk Issues (1)
File operations for logging
The script opens log files for writing session data and reads script files for batch command execution. Standard file operations for a serial communication tool. Log files can contain sensitive session data.

Audit version 3

Medium Risk

Jan 10, 2026, 11:40 AM

Legitimate IoT security testing tool with documented external command execution capability for trigger scripts in monitor mode. The subprocess execution is user-controlled, timeout-limited, and intended for legitimate security testing workflows. No network calls or credential theft patterns detected.

Files scanned: 4
Lines analyzed: 2,611
Findings: 4
Audited by: claude
Medium Risk Issues (1)
Subprocess execution in monitor mode
The serial_helper.py script can execute external trigger scripts via subprocess.run with shell=True (lines 593-598). This is a documented feature for pentesting workflows where users trigger external events (like API calls) while monitoring UART output. The capability is user-controlled via --trigger-script argument, has a 30-second timeout limit, and requires explicit invocation. While this could theoretically be misused, it is an intentional design for legitimate security testing scenarios.
Low Risk Issues (1)
File operations for logging
The script opens log files for writing session data (line 103) and reads script files for batch command execution (lines 819-820). These are standard file operations for a serial communication tool. Log files are created with user-specified paths and can contain sensitive session data including commands and device responses.

Risk Factors

⚙️ External commands (1)
📁 Filesystem access (2)

Audit version 2

Medium Risk

Jan 10, 2026, 11:40 AM

Legitimate IoT security testing tool with documented external command execution capability for trigger scripts in monitor mode. The subprocess execution is user-controlled, timeout-limited, and intended for legitimate security testing workflows. No network calls or credential theft patterns detected.

Files scanned: 4
Lines analyzed: 2,611
Findings: 4
Audited by: claude
Medium Risk Issues (1)
Subprocess execution in monitor mode
The serial_helper.py script can execute external trigger scripts via subprocess.run with shell=True (lines 593-598). This is a documented feature for pentesting workflows where users trigger external events (like API calls) while monitoring UART output. The capability is user-controlled via --trigger-script argument, has a 30-second timeout limit, and requires explicit invocation. While this could theoretically be misused, it is an intentional design for legitimate security testing scenarios.
Low Risk Issues (1)
File operations for logging
The script opens log files for writing session data (line 103) and reads script files for batch command execution (lines 819-820). These are standard file operations for a serial communication tool. Log files are created with user-specified paths and can contain sensitive session data including commands and device responses.

Risk Factors

⚙️ External commands (1)
📁 Filesystem access (2)

Audit version 1

Medium Risk

Jan 10, 2026, 11:40 AM

Legitimate IoT security testing tool with documented external command execution capability for trigger scripts in monitor mode. The subprocess execution is user-controlled, timeout-limited, and intended for legitimate security testing workflows. No network calls or credential theft patterns detected.

Files scanned: 4
Lines analyzed: 2,611
Findings: 4
Audited by: claude
Medium Risk Issues (1)
Subprocess execution in monitor mode
The serial_helper.py script can execute external trigger scripts via subprocess.run with shell=True (lines 593-598). This is a documented feature for pentesting workflows where users trigger external events (like API calls) while monitoring UART output. The capability is user-controlled via --trigger-script argument, has a 30-second timeout limit, and requires explicit invocation. While this could theoretically be misused, it is an intentional design for legitimate security testing scenarios.
Low Risk Issues (1)
File operations for logging
The script opens log files for writing session data (line 103) and reads script files for batch command execution (lines 819-820). These are standard file operations for a serial communication tool. Log files are created with user-specified paths and can contain sensitive session data including commands and device responses.

Risk Factors

⚙️ External commands (1)
📁 Filesystem access (2)