network-pentest
Fail
Audited by Snyk on Feb 26, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill contains many commands and examples that embed plaintext passwords, hashes, and credentials directly (e.g., -p 'password', administrator:password, 'Password123!'), which requires the LLM to handle and potentially output secret values verbatim.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The URL http://attacker/upload is an explicit attacker-controlled/untrusted endpoint (direct file upload/download) and represents a high-risk malware distribution/exfiltration vector. https://github.com/lgandx/Responder is a well-known, legitimate open-source pentest tool, but taken together, the presence of the attacker-controlled endpoint makes these sources suspicious.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable instructions for credential theft (Mimikatz, LSASS dumps, DCSync), lateral movement (Pass-the-Hash/Ticket, Rubeus), privilege escalation, persistence/backdoor creation (scheduled tasks, services, GPO abuse), and data exfiltration — enabling full domain compromise and clear malicious abuse.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching and later running Responder via the GitHub URL (git clone https://github.com/lgandx/Responder), which is a required external dependency that would fetch remote code and then be executed at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit, actionable instructions to run privileged commands (sudo), modify system files (e.g., echo into /etc/passwd, create/modify services, sc create/config), and create user accounts and persistence, so it clearly pushes the agent to compromise the host state.
Audit Metadata