offensive-z-wave
Fail
Audited by Snyk on May 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This is an explicit offensive playbook: it provides step-by-step methods to sniff and derive/exfiltrate Z‑Wave network keys, brute‑force or replay/inject commands to unlock or control devices, and compromise hubs to harvest credentials and pivot — clearly intended to enable unauthorized access and malicious control.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a runtime install/execute sequence ("git clone https://github.com/cureHsu/EZ-Wave" then use ezwave-sniff), which fetches remote code from https://github.com/cureHsu/EZ-Wave and executes it as a required dependency.
Issues (2)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata