fscan-scan
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a comprehensive set of commands for the fscan utility to perform network reconnaissance, automated port scanning, and service enumeration within internal networks.
- [REMOTE_CODE_EXECUTION]: It includes specific instructions for executing remote commands on target systems through multiple vectors, including SSH, WMI (wmiexec), and the exploitation of the MS17-010 (EternalBlue) vulnerability.
- [DATA_EXFILTRATION]: The skill explicitly guides the agent on how to use fscan to read and potentially exfiltrate sensitive system information, such as the /etc/shadow password file, from remote targets.
- [EXTERNAL_DOWNLOADS]: It encourages the download and execution of a third-party binary from an unverified GitHub repository (github.com/shadow1ng/fscan) and provides instructions on delivering this tool to target environments.
Recommendations
- AI detected serious security threats
Audit Metadata