subfinder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Subfinder tool from its official GitHub repository (github.com/projectdiscovery/subfinder) or pull an image from Docker Hub (projectdiscovery/subfinder). These are well-known, trusted sources for security professionals.
- [COMMAND_EXECUTION]: The skill demonstrates how to execute the subfinder command along with other common security tools like httpx, naabu, and nuclei. These commands are standard for the tool's intended purpose of security reconnaissance.
- [CREDENTIALS_UNSAFE]: The documentation mentions configuration for various API keys (e.g., Shodan, Censys, VirusTotal). However, it uses generic placeholders like your-shodan-api-key and correctly instructs the user to place them in a local configuration file (~/.config/subfinder/provider-config.yaml) rather than hardcoding them in the skill itself.
Audit Metadata