Skills
skills/automateyournetwork/netclaw/nmap-scan-management/Gen Agent Trust Hub

nmap-scan-management

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The nmap_custom_scan tool permits the agent to provide raw nmap flags. While the documentation claims to blacklist shell metacharacters and output-writing flags, providing an arbitrary string for command-line arguments is a high-risk pattern for command injection and bypass of intended security constraints.
  • [COMMAND_EXECUTION]: The nmap_get_scan tool accepts a scan_id parameter used to fetch files from disk. This introduces a risk of directory traversal attacks (e.g., using ../.. sequences) if the backend script fails to strictly validate that the ID does not contain path manipulation characters, potentially allowing the agent to read sensitive files outside the history directory.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates network interactions through the nmap utility. Although this is the primary purpose, the ability to specify arbitrary targets and flags can be leveraged for unauthorized network discovery or potentially for data exfiltration via network protocols supported by the scanner.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 02:40 PM