Phishing Attacks

[Skill Scanner] Installation of third-party script detected This skill is a dual-use, high-risk instruction set that provides detailed, actionable steps to perform phishing and WiFi credential-harvesting attacks. While the stated purpose (authorized penetration testing / security awareness) matches the capabilities, the content lacks technical safeguards (integrity checks, secure handling of captured credentials, restrictions on using third-party tunnels) and explicitly instructs on disruptive actions (deauthentication) and credential harvesting. Because of that, the skill is dangerous if misused and should be treated as suspicious/high-risk in a supply-chain context: it enables credential exfiltration patterns and routing through third-party services (Ngrok), and instructs execution of unverified code from public repos. Recommend restricting distribution, adding strict authorization/enforcement controls, and including integrity and data-handling requirements before accepting into an agent skills repository. LLM verification: The file is a high-risk operational guide for credential-harvesting phishing and WiFi phishing attacks. While presented as a tool for authorized penetration testing and security awareness, it provides actionable steps (cloning/executing third-party code, running Ngrok, launching phishing pages, sending WiFi deauth frames) that enable misuse and increase supply-chain and exfiltration risk. The document lacks safeguards: no integrity verification for external code, no secure handling or retention