Hexstrike
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is transparent about being an offensive security helper, but it gives the agent broad command-line testing power and references cloud credentials and untrusted binary execution without enough containment guidance.
Install only if you intend to use this as an authorized security-testing assistant. Review each command before execution, avoid autonomous scans against real systems, run unknown binaries in an isolated VM/container, and use dedicated least-privilege cloud profiles.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could run active scans or attack-style tools that may disrupt systems or create legal risk if aimed at unauthorized targets.
The skill intentionally exposes broad direct CLI use of offensive security tooling. This is disclosed and central to the stated purpose, but it can affect real targets if used without careful authorization and command review.
Execute security tools directly via `exec`. No middleware, no MCP server — direct CLI access to 150+ security tools with methodology-driven workflows.
Use only on CTFs, lab systems, or explicitly authorized targets; review high-impact commands before execution and apply rate limits.
If pointed at a powerful cloud profile, the agent may enumerate sensitive cloud resources or operate with broader account authority than intended.
The cloud assessment workflow can use local AWS credential profiles, but the artifacts do not define expected IAM scope, account boundaries, output handling, or a dedicated least-privilege profile.
prowler aws --profile <PROFILE> --region <REGION> -M json
scout-suite aws --profile <PROFILE>
Use a dedicated read-only assessment role/profile, confirm the target account and region, and avoid using production administrator credentials.
A malicious or unknown challenge binary could run code on the user's machine, access files, or make network connections.
The reverse-engineering workflow tells the agent to execute supplied binaries during dynamic analysis, but the artifacts do not provide sandbox, VM, network-isolation, or credential-isolation guidance.
ltrace ./<BINARY>
strace -f ./<BINARY>
gdb ./<BINARY>
Run unknown binaries only in a disposable VM or container with no sensitive credentials and restricted network access.
Installing security tools from unverified or moving sources can introduce vulnerable or malicious packages.
The install guidance is user-directed and purpose-aligned, but it encourages unpinned package installation and broad tool bundles.
pip3 install <package>
Go tools: `go install <repo>@latest`
Kali Linux: ... `sudo apt install kali-tools-*`
Prefer trusted repositories, pin versions where possible, and install tools in an isolated security lab environment.
