telnetshell

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • DATA_EXFILTRATION (HIGH): The file enum_security.txt contains automated routines to locate and potentially exfiltrate sensitive files.
      • Evidence: Commands like find / -name "*.key", find / -name "*.pem", and find / -name "id_rsa*" are used to search the entire filesystem for private cryptographic keys.
      • Evidence: The script attempts to read /etc/shadow, which contains sensitive system password hashes.
  • CREDENTIALS_UNSAFE (HIGH): The skill specifically targets credential stores and authentication artifacts that could be used for further unauthorized access.
      • Evidence: The script uses find / -name "*password*" and find / -name "*credential*" to locate files likely containing plain-text secrets.
      • Evidence: It searches for authorized_keys to identify persistent access mechanisms.
  • COMMAND_EXECUTION (MEDIUM): The skill is built around executing commands on remote network targets via a helper script (telnet_helper.py). While this is the primary purpose for IoT pentesting, it provides a powerful primitive for arbitrary remote command execution if used maliciously.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:26 PM