skills/wgpsec/aboutsecurity/naabu-portscan/Socket

naabu-portscan

Warn

Audited by Socket on Apr 22, 2026

2 alerts found:

AnomalySecurity

Anomalyevals/evals.json

LOW

AnomalyLOW

evals/evals.json

No malware or obfuscated/payload code is present in this fragment. However, it is an operationally actionable configuration that explicitly enables offensive internal reconnaissance (port scanning and follow-on HTTP/vulnerability scanning) via ready-to-run toolchains. Treat as a high misuse-risk supply-chain artifact rather than a direct malicious binary/script.

Confidence: 60%Severity: 68%

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能与其声明用途一致，不像伪装型恶意技能；但它明确赋予 AI 代理端口扫描、网段探测和安全扫描链能力，属于高风险攻击性安全工具。综合判断为 SUSPICIOUS：非确认恶意，但安全风险高，不适合在缺少严格授权与人工审批的环境中启用。

Confidence: 91%Severity: 82%

Audit Metadata

Analyzed At

Apr 22, 2026, 10:10 AM

Package URL

pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fnaabu-portscan%2F@b3abeb0d584f403bbd98858ef113cfa251fe6084