hunt-springboot
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill is a legitimate collection of penetration testing commands and payloads for Spring Boot environments. No malicious intent or hidden code was found during the analysis.
- [SAFE]: The skill references the Eclipse Memory Analyzer (MAT), an official and well-known tool from the Eclipse Foundation, for performing deep analysis on downloaded heap dumps.
- [COMMAND_EXECUTION]: The skill utilizes common command-line utilities such as "curl", "grep", "strings", and "sort" to perform vulnerability enumeration and analysis on a user-defined target host.
- [REMOTE_CODE_EXECUTION]: Automated scanners flagged the use of "curl | python3" as a high-risk pattern. Technical review confirms these commands utilize "python3 -m json.tool", which is a safe, standard module used exclusively for pretty-printing JSON data and does not execute remote code.
- [DATA_EXFILTRATION]: The skill is designed to identify and extract credentials (such as passwords and API tokens) from a remote target's memory or environment configuration for authorized security testing. It does not exfiltrate user data or credentials from the host machine to any external parties.
Audit Metadata