Agent-P Web Recon - 网站内容侦察

The skill's files, scripts, and runtime instructions match its stated purpose (web OSINT and recon) and do not request unrelated credentials or hidden installs, though it includes active scanning steps that must only be run with authorization and a few minor documentation mismatches.

This skill appears to be what it says — a web recon / OSINT helper — but you should: (1) only run active mode (--active) when you have explicit written authorization for the target; (2) prefer passive mode by default to avoid generating logs or triggering alerts; (3) review the scripts before running and run them with a non‑privileged user in a directory you control (they create recon_report_* files); (4) be aware that impersonating crawlers (Googlebot UA) or disabling JS can violate site terms of service or laws in some jurisdictions — avoid misuse; (5) note the repository references some missing docs/scripts (documentation drift) — if you rely on those parts, request the author for the complete package; (6) if you plan to use dirsearch/gobuster/ffuf, install them from their official sources and understand their impact; and (7) if you need higher assurance, have a security reviewer audit the scripts and ensure network traffic is acceptable for your environment and legal context.