📦 EdgeIQ

v1.0.0

Performs passive subdomain enumeration using CT logs, DNS zone transfer checks, takeover detection, and optional bruteforce without active probing.

Last updated: 2026/4/24
Security scan
VirusTotal: Harmless
OpenClaw: Suspicious (high confidence)
The skill claims to be passive and declares no required credentials, but the shipped code performs active DNS/resolution/AXFR attempts and relies on undocumented environment variables and a local license file — the behavior and requirements don't fully match the description.
Assessment recommendations
This skill is inconsistent in important ways: it advertises passive reconnaissance but the code actively resolves hostnames, runs bruteforce resolution, and attempts zone-transfer-like network activity. Metadata says no env vars are required, yet the tool uses EDGEIQ_EMAIL, EDGEIQ_LICENSE_KEY, and ~/.edgeiq/license.key to unlock paid features — the author even hardcodes a specific email that will enable Pro features locally. Before installing or running: (1) review the Python source yourself or ...
Detailed analysis
Purpose and capability
The description promises 'passive' enumeration (CT logs, no active probing) but the code performs active DNS resolution, bruteforce queries, and attempts zone transfer/AXFR-like TCP interactions — these are active probes. The skill also includes a licensing/payment model even though registry metadata lists no required credentials or config. This mismatch between advertised 'passive' behavior and implemented active network probing is a substantive inconsistency.
Instruction scope
SKILL.md and README instruct the user to set EDGEIQ_EMAIL or a license file to unlock Pro/Bundle and to run the Python script; the runtime code contacts crt.sh and performs DNS/hostname resolution and takeover checks. The docs repeatedly claim 'no active probing' while instructing bruteforce and AXFR checks. The instructions also propose using the skill from Discord, and include external links (Stripe, Discord) — those endpoints are expected for a paid tool, but the omission of EDGEIQ_* env vars from declared requirements is a scope mismatch.
Install mechanism
There is no install spec (instruction-only), and no external binary downloads — the distribution is just Python files. This is lower risk than arbitrary remote downloads, but the package does include executable code that will run network operations. Also the SKILL.md implies copying files into ~/.openclaw/skills; the presence of code files contradicts the 'instruction-only' framing in metadata (minor inconsistency).
Credential requirements
Registry metadata declares no required env vars or credentials, yet SKILL.md and the code read EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and a local license file (~/.edgeiq/license.key). The licensing module also treats a specific email (gpalmieri21@gmail.com) as sufficient to grant Pro/Bundle access — this is an undocumented local bypass and an odd, unjustified use of an env var. Requesting or using these env vars should have been declared and justified in metadata.
Persistence and privileges
The skill does not request always: true and does not appear to modify other skills or system-wide agent settings. It reads a local license file and environment variables but does not request elevated privileges or persistent, autonomous installation. No evidence of persistent background processes or self-enablement beyond being installed as a skill.
subdomain_hunter.py:216
Potential obfuscated payload detected.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest v1.0.0 2026/4/24

Initial release: CT enumeration, zone transfer check, takeover detection, bruteforce wordlist, JSON export.

Harmless

Install command

Official: npx clawhub@latest install edgeiq-subdomain-hunter
Mirror: npx clawhub@latest install edgeiq-subdomain-hunter --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库