offensive-zigbee-thread-matter
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded well-known Zigbee transport key used for Touchlink commissioning abuse.
- Evidence: 0x9F559A553B7A6B2C5C4FBB4E84956F3D is provided as the transport key.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to download and install security toolkits from external third-party repositories.
- Evidence: 'git clone https://github.com/IoTsec/Z3sec' is used to install a commissioning attack toolkit.
- Evidence: References are made to the KillerBee suite at github.com/riverloopsec/killerbee.
- [COMMAND_EXECUTION]: The skill provides numerous shell commands and Python scripts intended for offensive network operations that interact with hardware interfaces and remote devices.
- Evidence: Use of 'zbstumbler' for network discovery and 'zbdump' for traffic sniffing.
- Evidence: Python scripts using 'scapy' to inject ZCL (Zigbee Cluster Library) frames to unlock doors or control devices.
Audit Metadata