Is 0x4m4/hexstrike-ai safe?
https://github.com/0x4m4/hexstrike-ai
This skill is highly dangerous due to unauthorized access to sensitive credential files during installation and provision of extensive penetration testing capabilities. While marketed as a security research tool, the credential harvesting behavior and comprehensive attack toolkit present significant security risks.
Category Scores
Findings (5)
CRITICAL Unauthorized Access to Sensitive Credential Files -85 ▶
During installation, the skill accessed multiple sensitive files including SSH private keys, AWS credentials, environment variables, Docker credentials, and Google Cloud credentials. This behavior is highly suspicious and indicates potential credential harvesting.
HIGH Extensive Penetration Testing Arsenal -70 ▶
This tool provides access to a comprehensive suite of penetration testing tools including nmap, sqlmap, metasploit, hydra, john the ripper, and many others. While legitimate for security research, these tools pose significant risk if misused for unauthorized attacks.
HIGH Empty SKILL.md - Not a Functional Claude Skill -15 ▶
The SKILL.md file is completely empty, indicating this is not actually a functional Claude skill but rather an MCP server masquerading as one. This misrepresentation could be used to deceive users about the tool's true purpose.
MEDIUM Suspicious File Access Pattern -40 ▶
While canary files were not modified, the pattern of accessing multiple credential files during installation suggests reconnaissance behavior typical of malware or credential harvesting tools.
HIGH Dual-Use Tool with High Misuse Potential -85 ▶
This tool combines legitimate security research capabilities with suspicious credential access behavior. The extensive penetration testing capabilities could easily be misused for unauthorized network attacks, system compromise, and data theft.