審計紀錄
telnetshell - 6 審計
審計版本 6
最新 嚴重Jun 28, 2026, 05:15 PM
Static analysis findings are confirmed in context. The skill is a telnet shell automation package for IoT penetration testing, but it includes explicit persistence, backdoor, credential harvesting, data extraction, firmware export, and trace removal guidance. Because these instructions enable post-exploitation and evasion, this skill should be blocked from marketplace publication.
嚴重問題 (3)
高風險問題 (3)
中風險問題 (2)
低風險問題 (1)
風險因素
偵測到的模式
審計版本 5
中風險Jan 16, 2026, 08:15 PM
This is a legitimate IoT penetration testing tool. Static analysis flagged 530 findings as suspicious, but evaluation confirms all are FALSE POSITIVES. The tool explicitly identifies as a pentesting skill and includes authorization requirements. The flagged patterns (password file access, SSH key enumeration, sudoers file access) are standard security enumeration commands used in authorized penetration testing. Risk level is MEDIUM because powerful capabilities require proper user authorization.
風險因素
⚙️ 外部命令 (1)
🌐 網路存取 (1)
📁 檔案系統存取 (1)
審計版本 4
中風險Jan 16, 2026, 08:15 PM
This is a legitimate IoT penetration testing tool. Static analysis flagged 530 findings as suspicious, but evaluation confirms all are FALSE POSITIVES. The tool explicitly identifies as a pentesting skill and includes authorization requirements. The flagged patterns (password file access, SSH key enumeration, sudoers file access) are standard security enumeration commands used in authorized penetration testing. Risk level is MEDIUM because powerful capabilities require proper user authorization.
風險因素
⚙️ 外部命令 (1)
🌐 網路存取 (1)
📁 檔案系統存取 (1)
審計版本 3
中風險Jan 10, 2026, 11:42 AM
This is a legitimate penetration testing tool for IoT device security assessment. The skill enables telnet connections to remote devices for enumeration and security testing. All network connections are to user-specified targets. The tool includes session logging for transparency. Use requires explicit authorization.
風險因素
⚙️ 外部命令 (1)
🌐 網路存取 (2)
📁 檔案系統存取 (2)
⚡ 包含腳本 (1)
審計版本 2
中風險Jan 10, 2026, 11:42 AM
This is a legitimate penetration testing tool for IoT device security assessment. The skill enables telnet connections to remote devices for enumeration and security testing. All network connections are to user-specified targets. The tool includes session logging for transparency. Use requires explicit authorization.
風險因素
⚙️ 外部命令 (1)
🌐 網路存取 (2)
📁 檔案系統存取 (2)
⚡ 包含腳本 (1)
審計版本 1
中風險Jan 10, 2026, 11:42 AM
This is a legitimate penetration testing tool for IoT device security assessment. The skill enables telnet connections to remote devices for enumeration and security testing. All network connections are to user-specified targets. The tool includes session logging for transparency. Use requires explicit authorization.