elementalsouls/Claude-OSINT/osint-methodology
21
dangerous
analyzed 2h ago
WHY THIS SCORE
- high eval_exec: dynamic eval/exec of code
- medium secret_access: references credentials / private keys / secrets (legitimate for some tools; see behavior)
- medium secret_access: references credentials / private keys / secrets (legitimate for some tools; see behavior)
- medium secret_access: references credentials / private keys / secrets (legitimate for some tools; see behavior)
- medium hidden_download: downloads files to disk
- LLM judged overall risk 5/100
Claims
A comprehensive OSINT methodology for external red-team operations, covering recon, asset mapping, confidence scoring, and client deliverables.
Actual behavior
The skill acts as a **methodological guide and output formatter** for an AI agent. It defines strict rules for authorization checks, confidence levels, and output schemas (JSON-like structure). It contains no executable scripts; instead it provides structured instructions (prompts/templates) for the agent to follow during reasoning and reporting.
Findings
high eval_exec — dynamic eval/exec of code
**Email priority:** exec (CEO/CFO/CISO) → IT/h
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
es (`.git/config`, `.env`, `/actuator/env`,
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
lations. Examples: `.env` exposed, listable
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
igger. |
| Exposed `.env` with DB credential
medium hidden_download — downloads files to disk
e paths, wordlists, curl one-liners, regexes, and scoring rubrics — in `offensive-osint`. This skill de
Attestation
signer 0xB62e1c338a83D3a6621f9127eEa5B000caCfCd01
digest 0x725ef2a47a54afc292a8e15487aa0170672d06fb62623a6e04520df597339ce0
verify: GET /skill/verify?digest=…&signature=… · scheme eip191-sha256