Security audit of asaotomo/FofaMap · MCP Server by asaotomo · ★ 636
Yes — FofaMap passed AgentSkillsHub's rule-based security scan with no dangerous patterns detected. As with any third-party skill, confirm what credentials it requests before production use.
What it is: FofaMap v2.0 是一款基于 Python3 开发的全网首个 AI 驱动红队资产测绘智能体。在延续原有 FOFA 数据采集、存活检测、统计聚合、图标 Hash 及批量查询等核心功能的基础上,2.0 版本原生支持 MCP 协议,可无缝接入 Cursor、Claude 等 AI 平台。其核心内置了 AI 自我反思机制,能根据查询结果自动调优语法,并智能联动 Nuclei 推荐精准扫描策略,实现从“被动采集”到“主动智能决策”的红队作业进化。
No dangerous patterns were detected: no credential exfiltration, no obfuscated downloads, no sandbox-escape attempts, no prompt-injection markers.
| Security grade | ✓ SAFE |
| Quality score | 58/100 |
| GitHub stars | 636 |
| Language | Python |
| License | Apache-2.0 |
| Last updated |
This is AgentSkillsHub's free basic audit: an automated rule-based scan covering SlowMist's 11 red-flag categories (credential exfiltration, obfuscated payloads, sandbox escape, prompt injection, and more) across 117,000+ open-source AI agent skills and MCP servers, refreshed every 8 hours. A SAFE grade is a scan result, not a guarantee — deep 5-dimension audits (code · credentials · vendor · supply-chain · operational) are available for enterprise. Audited: 2026-07-03.