rsa-ctf-skills
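v1.0.0 · A CTF solving tool that integrates 11 RSA attack algorithms and supports online factorization via factordb; use it when the user needs to decrypt RSA ciphertext, factor the modulus n, analyze CTF cryptography challenges, or implement a specific RSA attack scenario.
by 末心 @moxin1044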
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, references, and scripts/rsa_solver.py all describe and implement RSA CTF attacks (factor, small_e, wiener, common_modulus, etc.). Requested dependencies (gmpy2, sympy, requests) are reasonable for big-integer math and the factordb call. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions tell the agent to run scripts/rsa_solver.py and consult references/attack-guides.md — this stays within the stated RSA/CTF scope. However the static pre-scan flagged a 'base64-block' prompt-injection pattern inside SKILL.md; the markdown and examples otherwise do not request unrelated system files or secrets. Review SKILL.md for any embedded or obfuscated payloads before enabling autonomous runs.
Install Mechanism
No install spec (instruction-only) — lowest install risk. The skill ships a Python script that will be executed when used; nothing is downloaded from unknown URLs or written system-wide during installation.
Credentials
No environment variables, credentials, or config paths are requested. The only external access is network calls to factordb.com via the requests library, which is consistent with the described 'factor' capability.
Persistence & Privilege
always is false (default). The skill is user-invocable and can be autonomously invoked (platform default) but it does not request permanent presence or modify other skills or system-wide settings.
Scan Findings in Context
[base64-block] unexpected: The static pre-scan flagged a base64-style block inside SKILL.md as a prompt-injection pattern. This is not expected for a documentation-style RSA CTF guide and could be a false positive (e.g., an encoded example) — inspect SKILL.md for any embedded/obfuscated instructions or encoded payloads before running.
Assessment
What to check before installing/running:
1) Inspect SKILL.md for the flagged base64/encoded block — ensure it is just documentation and not an instruction to leak secrets or execute hidden code.
2) Review scripts/rsa_solver.py locally (it’s included) — the only network request is to https://factordb.com/api?query=<n>, which matches the tool’s described behavior.
3) Note there are small code issues (duplicate/truncated function definitions visible in the bundled file); run the script in a sandbox or container first, not on a sensitive host.
4) Do not provide private keys or other secrets to the tool unless you trust the source and you run it in a controlled environment.
5) If you need autonomous use by an agent, prefer enabling it only after the above checks; consider running the script manually until you are confident in its integrity.
Like a lobster shell, security has layers — review code before you run it.
