Audit history

iot-uart-console-picocom - 6 audits

Audit version 6

Latest, High risk

Jun 28, 2026, 06:03 PM

Static findings for command execution, filesystem access, network use, and credential access are largely true positives in the skill documentation. The content is framed as authorized IoT pentesting, so I did not find confirmed malicious intent, but it includes high-risk persistence, credential access, privilege escalation, and exfiltration guidance that is not safe for marketplace publication without substantial guardrails.

Files scanned: 4
Lines analyzed: 2,037
Findings: 11
Audited by: codex

High-risk issues (4)

Persistence and Backdoor Instructions
The skill instructs users to add SSH authorized keys, create a UID 0 backdoor user, and add startup entries for continued access. These steps can create unauthorized persistent control of an embedded device.
Credential and Secret Harvesting Guidance
The skill directs users to read password databases, sudoers data, keys, password files, and API keys. This can expose credentials and secrets from target systems.
Privilege Escalation and Shell Escape Playbooks
The documentation provides concrete shell escape, SUID abuse, sudo abuse, and bootloader modification steps to gain root shells. This is high-risk dual-use exploitation guidance.
Firmware Extraction and Network Transfer
The skill includes commands to dump flash partitions and transfer root filesystem images over netcat to an external listener. This can enable data exfiltration from devices.
Medium-risk issues (2)
Arbitrary Serial Command Automation
The helper accepts single commands, interactive input, and script files, then sends them to the attached device. This is expected for the skill, but it can automate harmful target-side actions.
Sensitive Session Logging
The helper and documentation log all serial I/O, including commands and device responses. Logs may capture passwords, keys, tokens, or proprietary device data.
Low-risk issues (1)
Benign Serial Device and Temporary File References
Many low and medium static hits are expected references to /dev/ttyUSB devices, /tmp log files, and local serial tooling. These are normal for a UART console skill but still require user permission and log hygiene.

Detected patterns

UID 0 Account Creation
Reverse Shell on Boot
Password and Key File Discovery
Root Shell via Boot Arguments
Netcat Firmware Transfer

Audit version 5

Low risk

Jan 16, 2026, 07:59 PM

This skill is a legitimate security testing tool for authorized IoT device penetration testing via UART serial connections. The core implementation (serial_helper.py) uses pyserial for serial communication and logs all I/O to files. The extensive static findings are false positives: they detect pentesting documentation showing commands to run on target IoT devices via serial console, not malicious code execution on the host system. No network calls to external servers, credential theft, or host code execution capabilities were found.

Files scanned: 5
Lines analyzed: 2,275
Findings: 3
Audited by: claude

No security issues found

Risk factors

Audit version 4

Low risk

Jan 16, 2026, 07:59 PM

This skill is a legitimate security testing tool for authorized IoT device penetration testing via UART serial connections. The core implementation (serial_helper.py) uses pyserial for serial communication and logs all I/O to files. The extensive static findings are false positives: they detect pentesting documentation showing commands to run on target IoT devices via serial console, not malicious code execution on the host system. No network calls to external servers, credential theft, or host code execution capabilities were found.

Files scanned: 5
Lines analyzed: 2,275
Findings: 3
Audited by: claude

No security issues found

Risk factors

Audit version 3

Low risk

Jan 10, 2026, 11:31 AM

This skill is a legitimate security testing tool for authorized IoT device penetration testing via UART serial connections. It uses pyserial for serial communication and logs all activity to files. No network calls, credential theft, or host code execution capabilities were detected. The skill documents common pentesting techniques but does not execute them automatically.

Files scanned: 4
Lines analyzed: 2,037
Findings: 3
Audited by: claude

No security issues found

Risk factors

Audit version 2

Low risk

Jan 10, 2026, 11:31 AM

This skill is a legitimate security testing tool for authorized IoT device penetration testing via UART serial connections. It uses pyserial for serial communication and logs all activity to files. No network calls, credential theft, or host code execution capabilities were detected. The skill documents common pentesting techniques but does not execute them automatically.

Files scanned: 4
Lines analyzed: 2,037
Findings: 3
Audited by: claude

No security issues found

Risk factors

Audit version 1

Low risk

Jan 10, 2026, 11:31 AM

This skill is a legitimate security testing tool for authorized IoT device penetration testing via UART serial connections. It uses pyserial for serial communication and logs all activity to files. No network calls, credential theft, or host code execution capabilities were detected. The skill documents common pentesting techniques but does not execute them automatically.

Files scanned: 4
Lines analyzed: 2,037
Findings: 3
Audited by: claude

No security issues found

Risk factors