nmap-service-detection

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the execution of the nmap utility through a Python wrapper script. It constructs command lines using user-provided parameters such as targets, port ranges, and specific scripts. Execution depends on the environment variables MCP_CALL and NMAP_MCP_SCRIPT being correctly configured in the host environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes data from external network services.
      • Ingestion points: Data enters the agent's context through scan results, including service banners, HTTP headers, and script outputs from remote hosts.
      • Boundary markers: The instructions do not define specific delimiters or guardrails to prevent the agent from interpreting instructions embedded in scan results.
      • Capability inventory: The skill has the capability to execute network scans and command-line tools.
      • Sanitization: No explicit sanitization or filtering of the remote data is described in the skill definition.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 06:12 AM