Low risk: risk score 15/100
Last scanned: 22 hours ago
arabic-threat-intel
Arabic-first OSINT and threat intelligence skill for monitoring Telegram channels, dark web search via Tor, and CT log subdomain discovery
Legitimate Arabic OSINT tool with minor documentation gaps but no malicious behavior detected.
Skill name: arabic-threat-intel
Analysis time: 33.4s
Engine: pi
OK to install
No immediate action required. Consider clarifying declared vs actual tool usage in SKILL.md for transparency.

Security findings: 2

Severity: Low
Finding: Overdeclared filesystem:WRITE permission (documentation deception)
SKILL.md lists 'write' in requires_tools, but the implementation contains no file writing operations. This overstates the tool's filesystem access.
requires_tools:
    - exec
    - read
    - write
→ Remove 'write' from requires_tools or implement documented file output functionality.
Location: SKILL.md:13

Severity: Low
Finding: exec vs subprocess conceptual mismatch (documentation deception)
SKILL.md declares 'exec' tool but code uses Python subprocess module to invoke curl. This is technically equivalent but not explicitly documented.
requires_tools:
    - exec
→ Clarify that shell commands are executed via Python subprocess for curl operations.
Location: SKILL.md:13

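| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | subprocess.run(['curl',...]) at scripts/run.py:12,27,46 |
| Network access | NONE | READ | ✓ Consistent | curl to t.me, crt.sh, onion sites - OSINT tool |
| Filesystem | WRITE | NONE | ✓ Consistent | No file write operations in scripts/run.py |
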
3 findings

Medium: External URL
http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/search/?q=
scripts/run.py:27

Medium: External URL
http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion/search?q=
scripts/run.py:28

Medium: External URL
https://crt.sh/?q=%25.
scripts/run.py:46

Directory structure

3 files · 9.9 KB · 263 lines
Markdown 2f · 134L Python 1f · 129L
├─ 📁 scripts
│ └─ 🐍 run.py Python 129L · 5.0 KB
├─ 📝 CHANGELOG.md Markdown 15L · 671 B
└─ 📝 SKILL.md Markdown 119L · 4.2 KB

Security highlights

✓ No credential harvesting or environment variable access
✓ No data exfiltration beyond displayed OSINT results
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ All functionality is documented in SKILL.md
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)
✓ Uses standard passive OSINT sources (public Telegram, crt.sh, dark web search engines)
✓ No reverse shell, C2, or persistence mechanisms
✓ Clear MIT license and transparent authorship