技能 nmap 審計紀錄
📦

審計紀錄

nmap - 7 審計

審計版本 7

最新 高風險

Jun 28, 2026, 06:12 PM

Static findings for external commands, sudo usage, and network scanning are true positives in context: the skill instructs agents to run nmap scans, including all-port, stealth, UDP, and vulnerability scans. No prompt injection, credential theft, or covert exfiltration was found, so this is high-risk dual-use security tooling rather than confirmed malicious content.

1
已掃描檔案
577
分析行數
11
發現
codex
審計單位

高風險問題 (4)

Default Active Network Scanning
TRUE POSITIVE: The skill tells the agent to run nmap by default, including all 65535 TCP ports and service detection against a user-supplied target. This can probe systems without authorization if the caller supplies an out-of-scope target.
Stealth and Detection Evasion Guidance
TRUE POSITIVE: The skill includes stealth SYN scanning, IDS evasion timing, fragmented packets, and source-port suggestions. These techniques can be used to avoid monitoring on networks the user does not own.
Vulnerability and Brute Force NSE Script Guidance
TRUE POSITIVE: The skill recommends NSE vulnerability checks, brute force script categories, HTTP wildcard scripts, and IoT protocol enumeration. These scans can intensify reconnaissance and may trigger security controls.
Privileged Raw Packet Scanning
TRUE POSITIVE: Multiple examples require sudo for SYN, UDP, and OS detection scans. Privileged scanning increases host risk and can generate disruptive traffic from the user environment.
中風險問題 (2)
Shell Interpolation Around User Targets
NEEDS_REVIEW: Example workflows place target values into shell commands and sometimes use unquoted variables. If an agent copies this pattern with untrusted target text, local shell injection is possible.
Local Scan Output File Creation
TRUE POSITIVE WITH LIMITED IMPACT: The skill creates output directories and writes nmap results in multiple formats. This is expected for the tool, but it may store sensitive network inventory on disk.
低風險問題 (2)
Private IP Address Examples
FALSE POSITIVE: The hardcoded IP findings are documentation examples using private RFC1918-style addresses for local network ranges. No external callback or fixed third-party target was found.
Weak Cryptography Scanner Hits Not Confirmed
FALSE POSITIVE: The weak cryptographic algorithm alerts do not correspond to cryptographic code or commands in the reviewed lines. No evidence found of MD5, SHA1, or other weak crypto usage by the skill.

偵測到的模式

sudo nmap CommandsStealth and Evasion FlagsBroad NSE Script Execution

審計版本 6

中風險

Jan 21, 2026, 03:36 PM

This is a legitimate network reconnaissance skill for authorized security testing. The static analyzer flagged network scanning patterns because this skill IS designed for port scanning. All nmap commands are legitimate tool usage with hardcoded templates, not command injection risks. The skill explicitly requires authorization and documents ethical usage guidelines. Risk is inherent to security reconnaissance tools but appropriate for the marketplace.

2
已掃描檔案
3,396
分析行數
3
發現
claude
審計單位
未發現安全問題

審計版本 5

中風險

Jan 16, 2026, 08:08 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
已掃描檔案
753
分析行數
3
發現
claude
審計單位
未發現安全問題

風險因素

⚙️ 外部命令 (159)
SKILL.md:13-21 SKILL.md:21-23 SKILL.md:23-30 SKILL.md:30-32 SKILL.md:32-40 SKILL.md:40-42 SKILL.md:42-43 SKILL.md:43-48 SKILL.md:48-50 SKILL.md:50-51 SKILL.md:51 SKILL.md:51-52 SKILL.md:52-53 SKILL.md:53-66 SKILL.md:66-69 SKILL.md:69-72 SKILL.md:72-74 SKILL.md:74-81 SKILL.md:81-84 SKILL.md:84-87 SKILL.md:87-89 SKILL.md:89-92 SKILL.md:92-97 SKILL.md:97-100 SKILL.md:100-102 SKILL.md:102-105 SKILL.md:105-111 SKILL.md:111-114 SKILL.md:114-116 SKILL.md:116-122 SKILL.md:122-124 SKILL.md:124-125 SKILL.md:125-126 SKILL.md:126-127 SKILL.md:127-133 SKILL.md:133-135 SKILL.md:135-136 SKILL.md:136-142 SKILL.md:142-144 SKILL.md:144-145 SKILL.md:145-151 SKILL.md:151-153 SKILL.md:153-154 SKILL.md:154-155 SKILL.md:155-161 SKILL.md:161-163 SKILL.md:163-164 SKILL.md:164-165 SKILL.md:165-171 SKILL.md:171-173 SKILL.md:173-174 SKILL.md:174-180 SKILL.md:180-182 SKILL.md:182-183 SKILL.md:183-193 SKILL.md:193-195 SKILL.md:195-196 SKILL.md:196-197 SKILL.md:197-198 SKILL.md:198-208 SKILL.md:208-209 SKILL.md:209-214 SKILL.md:214-228 SKILL.md:228-230 SKILL.md:230-233 SKILL.md:233-235 SKILL.md:235-238 SKILL.md:238-240 SKILL.md:240-243 SKILL.md:243-245 SKILL.md:245-251 SKILL.md:251-252 SKILL.md:252-253 SKILL.md:253-254 SKILL.md:254-260 SKILL.md:260-261 SKILL.md:261-262 SKILL.md:262-263 SKILL.md:263-264 SKILL.md:264-265 SKILL.md:265-266 SKILL.md:266-268 SKILL.md:268-269 SKILL.md:269-270 SKILL.md:270 SKILL.md:270-280 SKILL.md:280-282 SKILL.md:282-285 SKILL.md:285-287 SKILL.md:287-290 SKILL.md:290-292 SKILL.md:292-295 SKILL.md:295-297 SKILL.md:297-300 SKILL.md:300-302 SKILL.md:302-307 SKILL.md:307-325 SKILL.md:325-328 SKILL.md:328-340 SKILL.md:340-367 SKILL.md:367-369 SKILL.md:369-372 SKILL.md:372-374 SKILL.md:374-377 SKILL.md:377-379 SKILL.md:379-404 SKILL.md:404-410 SKILL.md:410-414 SKILL.md:414-420 SKILL.md:420-424 SKILL.md:424-430 SKILL.md:430-455 SKILL.md:455-464 SKILL.md:464-469 SKILL.md:469-470 SKILL.md:470 SKILL.md:470-471 SKILL.md:471-474 SKILL.md:474 SKILL.md:474 SKILL.md:474-475 SKILL.md:475-476 SKILL.md:476-477 SKILL.md:477-481 SKILL.md:481-482 SKILL.md:482-483 SKILL.md:483-488 SKILL.md:488-491 SKILL.md:491-496 SKILL.md:496-516 SKILL.md:516-519 SKILL.md:519-533 SKILL.md:533-536 SKILL.md:536-549 SKILL.md:549-561 SKILL.md:101 SKILL.md:510 SKILL.md:525 SKILL.md:100-102 SKILL.md:496-516 SKILL.md:519-533 SKILL.md:31 SKILL.md:41 SKILL.md:88 SKILL.md:95 SKILL.md:143 SKILL.md:152 SKILL.md:181 SKILL.md:208 SKILL.md:273 SKILL.md:416 SKILL.md:460 SKILL.md:489-490 SKILL.md:490 SKILL.md:502 SKILL.md:506 SKILL.md:524 SKILL.md:542 SKILL.md:545
🌐 網路存取 (13)
📁 檔案系統存取 (3)

偵測到的模式

sudo privilege escalationHardcoded IP addressWeak cryptographic algorithmNetwork scanning toolsRuby/shell backtick executionShell command substitutionTemplate literal with command substitutionHard link creationSystem reconnaissance

審計版本 4

中風險

Jan 16, 2026, 08:08 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
已掃描檔案
753
分析行數
3
發現
claude
審計單位
未發現安全問題

風險因素

⚙️ 外部命令 (159)
SKILL.md:13-21 SKILL.md:21-23 SKILL.md:23-30 SKILL.md:30-32 SKILL.md:32-40 SKILL.md:40-42 SKILL.md:42-43 SKILL.md:43-48 SKILL.md:48-50 SKILL.md:50-51 SKILL.md:51 SKILL.md:51-52 SKILL.md:52-53 SKILL.md:53-66 SKILL.md:66-69 SKILL.md:69-72 SKILL.md:72-74 SKILL.md:74-81 SKILL.md:81-84 SKILL.md:84-87 SKILL.md:87-89 SKILL.md:89-92 SKILL.md:92-97 SKILL.md:97-100 SKILL.md:100-102 SKILL.md:102-105 SKILL.md:105-111 SKILL.md:111-114 SKILL.md:114-116 SKILL.md:116-122 SKILL.md:122-124 SKILL.md:124-125 SKILL.md:125-126 SKILL.md:126-127 SKILL.md:127-133 SKILL.md:133-135 SKILL.md:135-136 SKILL.md:136-142 SKILL.md:142-144 SKILL.md:144-145 SKILL.md:145-151 SKILL.md:151-153 SKILL.md:153-154 SKILL.md:154-155 SKILL.md:155-161 SKILL.md:161-163 SKILL.md:163-164 SKILL.md:164-165 SKILL.md:165-171 SKILL.md:171-173 SKILL.md:173-174 SKILL.md:174-180 SKILL.md:180-182 SKILL.md:182-183 SKILL.md:183-193 SKILL.md:193-195 SKILL.md:195-196 SKILL.md:196-197 SKILL.md:197-198 SKILL.md:198-208 SKILL.md:208-209 SKILL.md:209-214 SKILL.md:214-228 SKILL.md:228-230 SKILL.md:230-233 SKILL.md:233-235 SKILL.md:235-238 SKILL.md:238-240 SKILL.md:240-243 SKILL.md:243-245 SKILL.md:245-251 SKILL.md:251-252 SKILL.md:252-253 SKILL.md:253-254 SKILL.md:254-260 SKILL.md:260-261 SKILL.md:261-262 SKILL.md:262-263 SKILL.md:263-264 SKILL.md:264-265 SKILL.md:265-266 SKILL.md:266-268 SKILL.md:268-269 SKILL.md:269-270 SKILL.md:270 SKILL.md:270-280 SKILL.md:280-282 SKILL.md:282-285 SKILL.md:285-287 SKILL.md:287-290 SKILL.md:290-292 SKILL.md:292-295 SKILL.md:295-297 SKILL.md:297-300 SKILL.md:300-302 SKILL.md:302-307 SKILL.md:307-325 SKILL.md:325-328 SKILL.md:328-340 SKILL.md:340-367 SKILL.md:367-369 SKILL.md:369-372 SKILL.md:372-374 SKILL.md:374-377 SKILL.md:377-379 SKILL.md:379-404 SKILL.md:404-410 SKILL.md:410-414 SKILL.md:414-420 SKILL.md:420-424 SKILL.md:424-430 SKILL.md:430-455 SKILL.md:455-464 SKILL.md:464-469 SKILL.md:469-470 SKILL.md:470 SKILL.md:470-471 SKILL.md:471-474 SKILL.md:474 SKILL.md:474 SKILL.md:474-475 SKILL.md:475-476 SKILL.md:476-477 SKILL.md:477-481 SKILL.md:481-482 SKILL.md:482-483 SKILL.md:483-488 SKILL.md:488-491 SKILL.md:491-496 SKILL.md:496-516 SKILL.md:516-519 SKILL.md:519-533 SKILL.md:533-536 SKILL.md:536-549 SKILL.md:549-561 SKILL.md:101 SKILL.md:510 SKILL.md:525 SKILL.md:100-102 SKILL.md:496-516 SKILL.md:519-533 SKILL.md:31 SKILL.md:41 SKILL.md:88 SKILL.md:95 SKILL.md:143 SKILL.md:152 SKILL.md:181 SKILL.md:208 SKILL.md:273 SKILL.md:416 SKILL.md:460 SKILL.md:489-490 SKILL.md:490 SKILL.md:502 SKILL.md:506 SKILL.md:524 SKILL.md:542 SKILL.md:545
🌐 網路存取 (13)
📁 檔案系統存取 (3)

偵測到的模式

sudo privilege escalationHardcoded IP addressWeak cryptographic algorithmNetwork scanning toolsRuby/shell backtick executionShell command substitutionTemplate literal with command substitutionHard link creationSystem reconnaissance

審計版本 3

安全

Jan 10, 2026, 11:37 AM

Pure prompt-based skill providing nmap guidance. No executable code. Emphasizes authorization and ethical use. Legitimate security testing tool documentation.

1
已掃描檔案
577
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 2

安全

Jan 10, 2026, 11:37 AM

Pure prompt-based skill providing nmap guidance. No executable code. Emphasizes authorization and ethical use. Legitimate security testing tool documentation.

1
已掃描檔案
577
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 1

安全

Jan 10, 2026, 11:37 AM

Pure prompt-based skill providing nmap guidance. No executable code. Emphasizes authorization and ethical use. Legitimate security testing tool documentation.

1
已掃描檔案
577
分析行數
0
發現
claude
審計單位
未發現安全問題