onvifscan Skill Audit Log

Audit Log

onvifscan - 6 audits

Audit version 6

Latest: High risk

Jun 28, 2026, 05:08 PM

Static backtick, hardcoded IP, hardcoded URL, and weak-cryptography findings are mostly false positives from Markdown examples and prose. However, the skill explicitly instructs network scanning, credential brute forcing, and use of an option that may test destructive endpoints. This is a high-risk dual-use security skill and should not be published without authorization safeguards and abuse controls.

Files scanned: 1
Lines analyzed: 81
Findings: 9
Auditor: codex

High-risk issues (3)

Credential Brute Forcing Guidance
The skill describes credential brute-forcing attacks and provides command examples for running them against ONVIF devices. This can enable unauthorized access attempts against IP cameras if used outside an approved assessment.
Potentially Destructive Endpoint Testing
The skill documents an all-endpoints option and warns that it may test destructive endpoints. Running this against live cameras could alter state or disrupt device operation.
Network Scanning Without Authorization Controls
The skill asks for a device URL or IP and then directs execution of scan commands. It does not require proof of authorization, define scope controls, or require confirmation before testing external targets.
Medium-risk issues (1)
User-Supplied Target Passed To External Command
The skill tells the assistant to collect a user-provided device URL or IP and place it into an onvifscan command. If the command is assembled unsafely by a host tool, malformed input could create command execution or scanning scope risks.
Low-risk issues (3)
Static Markdown Backtick Findings Are False Positives
The reported Ruby or shell backtick findings appear to be Markdown inline code and fenced examples. No Ruby execution or embedded script file is present in the scanned file.
Hardcoded Network Examples Are Documentation Samples
The hardcoded URLs and IP addresses are private-network examples used in command documentation. They are not evidence of exfiltration or a fixed external callback destination.
Weak Cryptography Static Findings Are False Positives
The weak-cryptography findings do not correspond to cryptographic implementation in the scanned file. The referenced lines contain descriptive text, option notes, or Markdown examples rather than crypto calls.

Detected patterns

Brute Force Command Pattern, Potentially Destructive Scan Option, Unscoped Network Target Input

Audit version 5

Low risk

Jan 16, 2026, 08:10 PM

All 57 static findings are FALSE POSITIVES. This is a legitimate prompt wrapper skill for ONVIF security auditing. Pattern matches for Metasploit, C2 keywords, and weak crypto are triggered by documentation text and repository names, not actual malicious code. The skill is a markdown documentation file that provides structured access to the onvifscan binary for authorized security assessments. Built-in safeguards include rate limiting (20 attempts max) and warnings about potentially destructive endpoints.

Files scanned: 2
Lines analyzed: 276
Findings: 2
Auditor: claude
No security issues found

Audit version 4

Low risk

Jan 16, 2026, 08:10 PM

All 57 static findings are FALSE POSITIVES. This is a legitimate prompt wrapper skill for ONVIF security auditing. Pattern matches for Metasploit, C2 keywords, and weak crypto are triggered by documentation text and repository names, not actual malicious code. The skill is a markdown documentation file that provides structured access to the onvifscan binary for authorized security assessments. Built-in safeguards include rate limiting (20 attempts max) and warnings about potentially destructive endpoints.

Files scanned: 2
Lines analyzed: 276
Findings: 2
Auditor: claude
No security issues found

Audit version 3

Low risk

Jan 10, 2026, 11:38 AM

This is a prompt wrapper skill for a legitimate ONVIF security auditing tool. The skill itself contains only documentation and instructions for using the external onvifscan binary. The tool provides authentication testing and credential brute-forcing capabilities designed for authorized security assessments of IP cameras and ONVIF devices. Built-in safeguards include rate limiting and warnings about potentially destructive endpoints.

Files scanned: 1
Lines analyzed: 81
Findings: 1
Auditor: claude
Low-risk issues (1)
Credential brute-forcing functionality
The skill enables users to perform credential brute-forcing attacks against ONVIF devices using wordlists. While designed for authorized security testing, this capability could potentially be misused for unauthorized access. The tool includes rate limiting (max 20 attempts by default) as a safeguard. Quote from SKILL.md lines 47-55: "Attempts credential brute-forcing on protected endpoints" with options for custom wordlists.

Audit version 2

Low risk

Jan 10, 2026, 11:38 AM

This is a prompt wrapper skill for a legitimate ONVIF security auditing tool. The skill itself contains only documentation and instructions for using the external onvifscan binary. The tool provides authentication testing and credential brute-forcing capabilities designed for authorized security assessments of IP cameras and ONVIF devices. Built-in safeguards include rate limiting and warnings about potentially destructive endpoints.

Files scanned: 1
Lines analyzed: 81
Findings: 1
Auditor: claude
Low-risk issues (1)
Credential brute-forcing functionality
The skill enables users to perform credential brute-forcing attacks against ONVIF devices using wordlists. While designed for authorized security testing, this capability could potentially be misused for unauthorized access. The tool includes rate limiting (max 20 attempts by default) as a safeguard. Quote from SKILL.md lines 47-55: "Attempts credential brute-forcing on protected endpoints" with options for custom wordlists.

Audit version 1

Low risk

Jan 10, 2026, 11:38 AM

This is a prompt wrapper skill for a legitimate ONVIF security auditing tool. The skill itself contains only documentation and instructions for using the external onvifscan binary. The tool provides authentication testing and credential brute-forcing capabilities designed for authorized security assessments of IP cameras and ONVIF devices. Built-in safeguards include rate limiting and warnings about potentially destructive endpoints.

Files scanned: 1
Lines analyzed: 81
Findings: 1
Auditor: claude
Low-risk issues (1)
Credential brute-forcing functionality
The skill enables users to perform credential brute-forcing attacks against ONVIF devices using wordlists. While designed for authorized security testing, this capability could potentially be misused for unauthorized access. The tool includes rate limiting (max 20 attempts by default) as a safeguard. Quote from SKILL.md lines 47-55: "Attempts credential brute-forcing on protected endpoints" with options for custom wordlists.