Skills
skills/wgpsec/aboutsecurity/ccupp-password-profiler/Socket

ccupp-password-profiler

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能与其声明目的高度一致,但该目的本身是为定向弱口令爆破和社工密码猜测服务。它要求处理高敏感个人数据,并明确把输出接入 hydra/zombie 等爆破工具,对 AI 代理来说属于高风险进攻性安全能力。安装来源存在中等供应链风险,尤其是 `f8x` 传递安装链;未见明确隐蔽外传,因此更适合归类为高风险可滥用技能,而非已确认恶意软件。

Confidence: 90%Severity: 91%
Audit Metadata
Analyzed At
Apr 22, 2026, 10:10 AM
Package URL
pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fccupp-password-profiler%2F@eec7ce349114295f773be492a187a79ded1fe5e7