Low Risk — Risk Score 15/100
Last scan: 20 hr ago
arabic-threat-intel
Arabic-first OSINT and threat intelligence skill for monitoring Telegram channels, dark web search via Tor, and CT log subdomain discovery
Legitimate Arabic OSINT tool with minor documentation gaps but no malicious behavior detected.
Skill Name: arabic-threat-intel
Duration: 33.4s
Engine: pi
Safe to install
No immediate action required. Consider clarifying declared vs actual tool usage in SKILL.md for transparency.

Findings 2 items

Severity Finding Location
Low
Overdeclared filesystem:WRITE permission Doc Mismatch
SKILL.md lists 'write' in requires_tools, but the implementation contains no file writing operations. This overstates the tool's filesystem access.
requires_tools:
    - exec
    - read
    - write
→ Remove 'write' from requires_tools or implement documented file output functionality.
SKILL.md:13
Low
exec vs subprocess conceptual mismatch Doc Mismatch
SKILL.md declares 'exec' tool but code uses Python subprocess module to invoke curl. This is technically equivalent but not explicitly documented.
requires_tools:
    - exec
→ Clarify that shell commands are executed via Python subprocess for curl operations.
SKILL.md:13
| Resource | Declared | Inferred | Status | Evidence |
| Shell | WRITE | WRITE | ✓ Aligned | subprocess.run(['curl',...]) at scripts/run.py:12,27,46 |
| Network | NONE | READ | ✓ Aligned | curl to t.me, crt.sh, onion sites - OSINT tool |
| Filesystem | WRITE | NONE | ✓ Aligned | No file write operations in scripts/run.py |
3 findings
Medium External URL
http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/search/?q=
scripts/run.py:27
Medium External URL
http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion/search?q=
scripts/run.py:28
Medium External URL
https://crt.sh/?q=%25.
scripts/run.py:46

File Tree

3 files · 9.9 KB · 263 lines
Markdown 2f · 134L Python 1f · 129L
├─ 📁 scripts
│ └─ 🐍 run.py Python 129L · 5.0 KB
├─ 📝 CHANGELOG.md Markdown 15L · 671 B
└─ 📝 SKILL.md Markdown 119L · 4.2 KB

Security Positives

✓ No credential harvesting or environment variable access
✓ No data exfiltration beyond displayed OSINT results
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ All functionality is documented in SKILL.md
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)
✓ Uses standard passive OSINT sources (public Telegram, crt.sh, dark web search engines)
✓ No reverse shell, C2, or persistence mechanisms
✓ Clear MIT license and transparent authorship