offensive-iot
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill serves as a documentation resource for security professionals performing IoT pentests.
- [COMMAND_EXECUTION]: The skill provides numerous shell commands for hardware and firmware analysis, such as using
flashromfor SPI dumping,binwalkfor extraction, andbettercapfor wireless reconnaissance. These are used strictly within the context of the described auditing methodology. - [DATA_EXFILTRATION]: Includes instructions for identifying sensitive data like private keys and credentials within extracted firmware images (e.g., using
grepon arootfs/directory). This is localized to the firmware being analyzed and does not involve harvesting or exfiltrating data from the agent's host system. - [EXTERNAL_DOWNLOADS]: References official tools and repositories for security research (e.g.,
github.com/SnailSploit/offensive-checklist). These references are for documentation purposes and do not involve silent or malicious downloads.
Audit Metadata