offensive-wifi
Fail
Audited by Snyk on May 8, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill instructs using captured/cracked credentials directly in commands (e.g., -p cracked_pass, --creds, passing passwords on CLI), which requires including secret values verbatim and is an insecure pattern that enables secret exfiltration.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is explicitly offensive, providing step‑by‑step instructions for credential theft (evil‑twin/RADIUS, EAP‑TLS cert theft, MSCHAPv2 capture), active network compromise (rogue APs, KARMA/Mana, captive‑portal phishing, deauth/DoS, WPS Pixie Dust, WPA3 downgrades, KRACK/FragAttacks) and post‑compromise pivoting (AD/RADIUS pivots, silentbridge), and therefore carries deliberate malicious intent and very high abuse potential.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and running public GitHub repositories (e.g., git clone https://github.com/vanhoefm/dragonblood, krackattacks-scripts, fragattacks, silentbridge and similar commands) which are untrusted third‑party code/content that the workflow expects you to read/execute and that could materially change tooling/decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime git clone and execution of remote scripts (e.g., https://github.com/vanhoefm/dragonblood, https://github.com/vanhoefm/krackattacks-scripts, https://github.com/vanhoefm/fragattacks, https://github.com/s0lst1c3/silentbridge), meaning it fetches and runs external code during execution and therefore depends on remote content that executes code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). Contains explicit sudo commands and instructions to change network interfaces, kill processes, start services and rogue APs (hostapd/eaphammer/silentbridge) which alter system/network configuration and require elevated privileges, so it directs the agent to modify the machine's state.
Issues (5)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata