k8spider

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的能力、操作步骤和示例均面向 Kubernetes 侦察与低权限枚举，属于高风险安全工具型 AI 技能。最严重问题是文档直接示范从任意/攻击者主机下载并执行二进制，再在 Pod 内开展扫描；虽未见明确凭证窃取或结果外传，但整体应判定为高风险、可疑而非已确认恶意。

Confidence: 93%Severity: 91%

Audit Metadata

Analyzed At

Apr 22, 2026, 10:11 AM

Package URL

pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fk8spider%2F@5bd61d7d6538acdb4e659e47b17fcd6e4768dbb2