Audit history
picocom - 6 audits
Audit version 6
Latest | High risk | Jun 28, 2026, 05:10 PM
Static analysis found many command, filesystem, network, and credential-access patterns. Many are expected for an IoT UART testing skill, but the documentation also includes persistence, backdoor user creation, reverse shells, privileged file access, and firmware exfiltration examples. No prompt injection attempt was found, so this is high-risk dual-use content rather than confirmed hidden malware.
High-risk issues (4)
Medium-risk issues (2)
Low-risk issues (2)
Risk factors
Detected patterns
Audit version 5
Medium risk | Jan 16, 2026, 08:12 PM
Legitimate IoT security testing tool. The static analysis flagged 664 patterns but these are FALSE POSITIVES - documentation of standard pentesting commands to run on TARGET DEVICES, not malicious host behavior. The only actual code (serial_helper.py) has one controlled subprocess feature for trigger scripts with 30-second timeout. Authorization requirements are documented. Safe for marketplace.
Medium-risk issues (1)
Low-risk issues (1)
Risk factors
⚙️ External commands (3)
📁 Filesystem access (2)
🌐 Network access (2)
Audit version 4
Medium risk | Jan 16, 2026, 08:12 PM
Legitimate IoT security testing tool. The static analysis flagged 664 patterns but these are FALSE POSITIVES - documentation of standard pentesting commands to run on TARGET DEVICES, not malicious host behavior. The only actual code (serial_helper.py) has one controlled subprocess feature for trigger scripts with 30-second timeout. Authorization requirements are documented. Safe for marketplace.
Medium-risk issues (1)
Low-risk issues (1)
Risk factors
⚙️ External commands (3)
📁 Filesystem access (2)
🌐 Network access (2)
Audit version 3
Medium risk | Jan 10, 2026, 11:40 AM
Legitimate IoT security testing tool with documented external command execution capability for trigger scripts in monitor mode. The subprocess execution is user-controlled, timeout-limited, and intended for legitimate security testing workflows. No network calls or credential theft patterns detected.
Medium-risk issues (1)
Low-risk issues (1)
Risk factors
⚙️ External commands (1)
📁 Filesystem access (2)
Audit version 2
Medium risk | Jan 10, 2026, 11:40 AM
Legitimate IoT security testing tool with documented external command execution capability for trigger scripts in monitor mode. The subprocess execution is user-controlled, timeout-limited, and intended for legitimate security testing workflows. No network calls or credential theft patterns detected.
Medium-risk issues (1)
Low-risk issues (1)
Risk factors
⚙️ External commands (1)
📁 Filesystem access (2)
Audit version 1
Medium risk | Jan 10, 2026, 11:40 AM
Legitimate IoT security testing tool with documented external command execution capability for trigger scripts in monitor mode. The subprocess execution is user-controlled, timeout-limited, and intended for legitimate security testing workflows. No network calls or credential theft patterns detected.