
Audit log

pentest-coordinator - 6 audits

Audit version 6

Latest · High risk

Jun 28, 2026, 09:37 PM

Static command, network, filesystem, credential, and privilege-escalation findings are confirmed as real because the Markdown instructs an AI agent to execute offensive actions. The skill directs autonomous reconnaissance, exploitation, Active Directory account manipulation, credential attacks, and root flag capture with repeated instructions not to stop. No evidence found of third-party exfiltration or audit-specific prompt injection, but the unguarded autonomous offensive workflow is high risk and not safe to publish without strict authorization controls.

Files scanned: 2
Lines analyzed: 1,669
Findings: 13
Audited by: codex

High-risk issues (5)

Autonomous Offensive Testing Without Authorization Gate
The skill automatically activates on a target IP and instructs the agent to coordinate reconnaissance, exploitation, privilege escalation, and flag capture. This is dangerous because a marketplace skill could run offensive actions against systems without validating legal scope or user authorization.
Never-Stop Autonomy Instructions Override User Oversight
The skill repeatedly says the agent cannot stop execution, cannot ask for help, and must continue until flags are captured. This is risky because it can pressure the model to ignore normal safety pauses, user oversight, and bounded execution limits.
Network Scanning and Exploit Execution Guidance
The skill instructs use of network scanners, web enumeration, web shell triggering, and vulnerability scripts against target hosts. These commands are expected in a lab, but they are high risk when packaged for autonomous use without scope controls.
Privilege Escalation and Root Capture Instructions
The skill includes privilege escalation checklists and example commands for obtaining a root shell and reading root-only flag files. This can enable unauthorized escalation if used outside an isolated challenge environment.
Active Directory Credential and Account Manipulation Playbook
The supplement provides steps for empty-password authentication, LDAP password modification, NTLM hash generation, pass-the-hash style use, computer account creation, and ACL or group changes. These are offensive techniques that can compromise domain accounts if used on real networks.
Medium-risk issues (3)
Weak Cryptography Used for NTLM Attack Workflow
The weak MD4 hash pattern is used to generate NTLM hashes for Active Directory authentication attacks. This is not a software cryptography bug in the skill, but it is part of an offensive credential workflow.
Sensitive File and Local State Access
The skill instructs writing a local pentest state file and reading common user and root flag paths. This is expected for CTF-style operation, but it normalizes filesystem reads that could touch sensitive files on compromised systems.
Password Attack Budget Still Allows Large Attempt Counts
The skill includes guardrails for password attempts, but some scenarios allow up to 10000 attempts before pivoting. That can still create account lockout, service load, or unauthorized password attack risk.
Low-risk issues (2)
Hardcoded IP Addresses and URLs Are Placeholder Examples
The hardcoded IP addresses and HTTP URLs appear in examples that use private lab-style addresses. They are not evidence of fixed exfiltration infrastructure.
Device File Access Is Error Redirection
The standard device file access finding refers to shell error redirection to /dev/null in a file-search example. This is normal shell usage, though the surrounding command is still part of offensive post-exploitation.

Detected patterns

Mandatory Command Execution Before Responses
Network Reconnaissance Commands
Remote Command Execution and Shell Triggering
Sudo-Based Privilege Escalation
LDAP Modification and Account Takeover Techniques

Audit version 5

High risk

Jan 16, 2026, 09:56 PM

Legitimate penetration testing framework designed for CTF and lab environments. Contains offensive security capabilities (network scanning, exploitation, privilege escalation) but includes safety mechanisms (password budgets, time limits, circuit breakers). Static findings confirm legitimate pentesting tool patterns - no malicious intent detected. Designed for authorized testing only per documentation.

Files scanned: 3
Lines analyzed: 1,901
Findings: 4
Audited by: claude
Medium-risk issues (1)
Penetration Testing Capabilities
Skill contains network scanning, exploitation, and privilege escalation techniques. These are legitimate for authorized testing but could be misused without proper context.

Risk factors

Audit version 4

High risk

Jan 16, 2026, 09:56 PM

Legitimate penetration testing framework designed for CTF and lab environments. Contains offensive security capabilities (network scanning, exploitation, privilege escalation) but includes safety mechanisms (password budgets, time limits, circuit breakers). Static findings confirm legitimate pentesting tool patterns - no malicious intent detected. Designed for authorized testing only per documentation.

Files scanned: 3
Lines analyzed: 1,901
Findings: 4
Audited by: claude
Medium-risk issues (1)
Penetration Testing Capabilities
Skill contains network scanning, exploitation, and privilege escalation techniques. These are legitimate for authorized testing but could be misused without proper context.

Risk factors

Audit version 3

Medium risk

Jan 10, 2026, 12:07 PM

Legitimate penetration testing framework for authorized security testing. Contains offensive capabilities but includes safety mechanisms and is designed for controlled environments only.

Files scanned: 2
Lines analyzed: 1,550
Findings: 4
Audited by: claude
Medium-risk issues (1)
Penetration Testing Capabilities
Skill contains network scanning, exploitation, and privilege escalation techniques. These are legitimate for authorized testing but could be misused without proper context.

Risk factors

🌐 Network access (1)
⚙️ External commands (1)
📁 Filesystem access (1)

Audit version 2

Medium risk

Jan 10, 2026, 12:07 PM

Legitimate penetration testing framework for authorized security testing. Contains offensive capabilities but includes safety mechanisms and is designed for controlled environments only.

Files scanned: 2
Lines analyzed: 1,550
Findings: 4
Audited by: claude
Medium-risk issues (1)
Penetration Testing Capabilities
Skill contains network scanning, exploitation, and privilege escalation techniques. These are legitimate for authorized testing but could be misused without proper context.

Risk factors

🌐 Network access (1)
⚙️ External commands (1)
📁 Filesystem access (1)

Audit version 1

Medium risk

Jan 10, 2026, 12:07 PM

Legitimate penetration testing framework for authorized security testing. Contains offensive capabilities but includes safety mechanisms and is designed for controlled environments only.

Files scanned: 2
Lines analyzed: 1,550
Findings: 4
Audited by: claude
Medium-risk issues (1)
Penetration Testing Capabilities
Skill contains network scanning, exploitation, and privilege escalation techniques. These are legitimate for authorized testing but could be misused without proper context.

Risk factors

🌐 Network access (1)
⚙️ External commands (1)
📁 Filesystem access (1)