Recon
Facilitates security reconnaissance by mapping network infrastructure and identifying assets through passive and active scanning techniques.
Install this skill
Security score
The Recon skill was audited on Mar 1, 2026 and we found 15 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 27 | curl -s -X POST http://localhost:8888/notify \ |
Access to hidden dotfiles in home directory
| 9 | `~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/Recon/` |
Access to hidden dotfiles in home directory
| 38 | **Full documentation:** `~/.claude/skills/CORE/SkillNotifications.md` |
Access to hidden dotfiles in home directory
| 236 | - Note: Requires security MCP profile (`~/.claude/MCPs/swap-mcp security`) |
Access to hidden dotfiles in home directory
| 376 | - **Work scratch/** (`~/.claude/MEMORY/WORK/{current_work}/scratch/`) - For iterative artifacts during investigation |
Access to hidden dotfiles in home directory
| 377 | - **MEMORY/RESEARCH/** (`~/.claude/MEMORY/RESEARCH/YYYY-MM/`) - For pentest engagements and formal assessments |
Access to hidden dotfiles in home directory
| 386 | ~/.claude/MCPs/swap-mcp security |
Access to hidden dotfiles in home directory
| 434 | Report: ~/.claude/MEMORY/WORK/{current_work}/scratch/recon-example-com/ |
Access to hidden dotfiles in home directory
| 509 | - `~/.claude/skills/OSINT/` - Entity and people reconnaissance |
Access to hidden dotfiles in home directory
| 510 | - `~/.claude/skills/Webassessment/` - Web application testing |
Access to .env file
| 222 | - API Key: `process.env.IPINFO_API_KEY` |
External URL reference
| 27 | curl -s -X POST http://localhost:8888/notify \ |
External URL reference
| 513 | - IPInfo API: https://ipinfo.io/developers |
External URL reference
| 514 | - Certificate Transparency: https://crt.sh |
External URL reference
| 518 | - OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/ |