performing-authenticated-vulnerability-scan

This module is an authenticated credential validation/scan utility intended for assessing login validity and privilege level across SSH, WinRM, SMB and SNMPv3 services. The code contains no clear signs of obfuscated or intentionally malicious logic, no hard-coded credentials, and no exfiltration to external attacker infrastructure. The primary risk is its dual-use nature: it will transmit provided credentials to target hosts and execute commands to determine privileges, which makes it sensitive and potentially dangerous if used without proper authorization. Use only in authorized assessments; review credentials and target lists carefully and secure output artifacts (CSV, logs).

SUSPICIOUS: the skill is largely aligned with its stated purpose and uses mostly expected endpoints/tools, but it enables high-risk authenticated security scanning by an AI agent, forwards credentials into tooling, shows overly broad privilege examples, and disables TLS verification in the API example. This is not confirmed malware or credential harvesting, but it is a high-risk offensive/security administration skill.