Audit log

reconnaissance-knowledge - 7 audits

Audit version 7

Latest · High risk

Jun 28, 2026, 09:44 PM

Static findings for Ruby backtick execution, weak cryptography, and hard link creation are false positives caused by markdown backticks, frontmatter text, and command syntax. The security risk is still high because the skill provides concrete active scanning, web brute forcing, vulnerability scan, default credential, and exploitation handoff guidance for arbitrary targets without enforcing authorization.

Files scanned: 1
Lines analyzed: 324
Findings: 9
Audited by: codex

High-risk issues (3)

Active Network Scanning Guidance
The skill lists tools such as nmap, masscan, and netcat, then provides aggressive scan examples for discovering open ports and services on a placeholder target. This is dual-use guidance that can be applied to unauthorized systems if the user supplies a real target.
Web and Service Enumeration Against Targets
The skill gives directory brute force, vulnerability scan, SMB, FTP, SSH, and database enumeration steps. It includes anonymous access checks, default credential testing, and user enumeration checks that can expose services or accounts.
Exploitation Handoff Recommendations
The output template asks for potential attack vectors and recommended actions, and the final section tells the user to proceed to exploitation knowledge after reconnaissance. This goes beyond passive documentation and helps chain reconnaissance into exploitation planning.
Medium-risk issues (1)
Missing Authorization Guardrails
The purpose and best-practice sections describe gathering target information and adapting speed for playground or real environments, but they do not require proof of authorization or scope boundaries. This increases the chance of misuse against systems outside an approved assessment.
Low-risk issues (2)
Static Parser False Positives in Markdown
The Ruby backtick execution findings are caused by markdown inline code and fenced examples, not Ruby source execution. The weak cryptography and hard link findings also lack supporting evidence in the cited lines.
Placeholder URLs and Private IP Examples
The hardcoded URL and IP findings are placeholders such as http://TARGET and a private lab-style address in example output. They do not show data exfiltration endpoints, but they reinforce the network reconnaissance use case.

Detected patterns

Aggressive Reconnaissance Commands
Directory Brute Force and Vulnerability Scanning
Default Credential and Account Enumeration Checks

Audit version 6

Medium risk

Jan 21, 2026, 04:21 PM

This skill provides educational content about network reconnaissance and penetration testing methodologies. Static analysis flagged 102 patterns related to security scanning tools (nmap, masscan, gobuster, enum4linux) and network operations. All findings are false positives - the skill contains no executable code, only documentation and example commands for authorized security testing. Risk level is medium due to dual-use nature of security tools, requiring users to have proper authorization. Content is appropriate for security professionals, CTF participants, and authorized penetration testers.

Files scanned: 2
Lines analyzed: 1,367
Findings: 4
Audited by: claude

Medium-risk issues (1)
Dual-Use Security Tools Documentation
The skill documents usage of security scanning tools (nmap, masscan, gobuster, enum4linux, nikto) commonly used in penetration testing. While this is educational content without executable code, these tools require proper authorization before use. The skill appropriately frames this as educational for authorized testing contexts.

Audit version 3

Safe

Jan 10, 2026, 12:09 PM

This is a knowledge-based security skill containing legitimate penetration testing methodologies. It provides structured guidance for network reconnaissance without executing any code or accessing systems. The skill contains only educational content about security tools and techniques.

Files scanned: 1
Lines analyzed: 324
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 12:09 PM

This is a knowledge-based security skill containing legitimate penetration testing methodologies. It provides structured guidance for network reconnaissance without executing any code or accessing systems. The skill contains only educational content about security tools and techniques.

Files scanned: 1
Lines analyzed: 324
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 12:09 PM

This is a knowledge-based security skill containing legitimate penetration testing methodologies. It provides structured guidance for network reconnaissance without executing any code or accessing systems. The skill contains only educational content about security tools and techniques.

Files scanned: 1
Lines analyzed: 324
Findings: 0
Audited by: claude

No security issues found