v1.0.0

MUKI Asset Fingerprinting

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:55 AM.

Analysis

This is a coherent authorized-security scanning skill, but it deserves review because it can actively scan targets and collect credentials or personal data, and some credential rules are marked non-sensitive.

Guidance: Install or use this only for authorized security testing. Verify the actual MUKI CLI comes from a trusted source, review the unexplained raw-IP fingerprint entry, restrict scans to approved targets, and treat every output report as sensitive because it may contain credentials, personal data, or financial identifiers.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Sends protocol-specific probes... Sensitive Path Detection... Automatically extracts high-risk information from responses. Categories: Credentials, Personal Data, Financial

The skill is explicitly designed to send active network probes, check sensitive paths, and extract sensitive response data. This is coherent for authorized penetration testing, but it is high-impact and can be misused outside a defined engagement scope.

User impact: If run against systems without permission, the tool could create unwanted traffic, discover exposed endpoints, and collect credentials or personal information.
Recommendation: Use only with written authorization, provide a narrow target list, keep thread counts conservative, and disable active or directory scans when they are not in scope.
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Use Tor proxy for anonymity ... Adjust thread count to avoid detection

The documentation includes stealth/anonymity guidance. That can be legitimate in an approved red-team test, but the wording can also encourage unsafe use if the user has not confirmed authorization.

User impact: Proxy or stealth scanning may bypass normal monitoring expectations and can create legal or policy issues if not explicitly approved.
Recommendation: Confirm the rules of engagement allow proxying, anonymity, and stealth behavior before using those options.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
references/finger.json
location: https://54.79.99.238:2087/

A raw-IP HTTPS endpoint appears inside the large fingerprint reference database and was flagged by the static scanner. The artifacts do not show it is executed or used as an installer, but it is unexplained and should be verified.

User impact: An unexplained raw-IP reference can make it harder to know whether the fingerprint database is clean and well-sourced.
Recommendation: Review or remove the raw-IP entry, document the database source, and only pair the skill with a trusted, pinned MUKI executable.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: Medium | Status: Concern
references/Rules.yml
- name: 密码 ... scope: response body ... sensitive: false
- name: 账号 ... scope: response body ... sensitive: false
- name: JDBC ... scope: any ... sensitive: false

The rules intentionally detect passwords, accounts, and JDBC connection strings, but mark them as not sensitive. If these rule labels drive report handling or downstream context use, credential-like findings may not receive the protection the SKILL.md recommends.

User impact: Extracted passwords, usernames, or database connection strings could be handled like ordinary findings in reports or agent context.
Recommendation: Treat all scan outputs as sensitive, update credential/JDBC rules to mark them sensitive, and encrypt or delete reports according to the engagement data-handling plan.