Phishing Kit Detector

Author: snipercat69 · GitHub · v1.4.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 102 · Favorites: 0 · Current installs: 0 · Versions: 4
Install in OpenClaw:
/install edgeiq-phishing-kit-detector
Description
Detects phishing kit artifacts, brand impersonation, suspicious JavaScript, and infrastructure on URLs or local HTML to identify phishing kit clones.
Usage instructions (SKILL.md)

Phishing Kit Detector

Skill Name: phishing-kit-detector
Version: 1.0.0
Category: Security / Phishing / OSINT
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Linux


What It Does

Detects phishing kit artifacts, brand impersonation, form action URLs, stolen branding, suspicious JavaScript, and credential harvesting infrastructure. Analyzes live URLs or local HTML dumps to determine if a page is a phishing kit clone.

⚠️ Legal Notice: Only analyze domains you own or have explicit written authorization to audit. Not for unauthorized scanning of third-party sites.


Features

  • Phishing artifact detection — form action URLs pointing to credential capture endpoints, hidden fields, credential autocomplete
  • Brand impersonation analysis — detects brand logos, CSS frameworks, and imagery copied from legitimate sites
  • Infrastructure fingerprinting — shared/free hosting detection, suspicious TLDs, URL path patterns
  • JavaScript analysis — credential harvesting scripts, redirect chains, keyloggers, obfuscated callbacks
  • Stolen branding detection — references to legitimate brand assets, fake SSL badges, trust seals
  • URL structure analysis — phishing-specific URL path patterns (login, account, verify, secure)
  • JSON export — structured forensic report

Tier Comparison

| Feature | Free | Lifetime ($39) | Optional Monthly ($7/mo) |
|---|---|---|---|
| URL scan | ✅ (5 scans) | ✅ (unlimited) | ✅ (unlimited) |
| Local file scan | | | |
| Brand impersonation check | | | |
| JS analysis | | | |
| Infrastructure fingerprinting | | | |
| Stolen branding detection | | | |
| JSON export | | | |

Installation

cp -r /home/guy/.openclaw/workspace/apps/phishing-kit-detector ~/.openclaw/skills/phishing-kit-detector

Usage

Basic URL scan (free tier)

python3 phishing_detector.py --url "https://suspicious-site.com/login"

Local HTML file scan (Pro)

EDGEIQ_EMAIL="<your-email>" python3 phishing_detector.py \
  --file /path/to/phishing_page.html --pro

Brand impersonation check (Pro)

python3 phishing_detector.py --url "https://fake-paypal.com" \
  --brands paypal,amazon,apple --pro

Full bundle analysis + JSON export

EDGEIQ_EMAIL="<your-email>" python3 phishing_detector.py \
  --url "https://phishing-site.net" --bundle --output report.json

Parameters

| Flag | Type | Default | Description |
|---|---|---|---|
| --url | string | | Phishing URL to analyze |
| --file | string | | Path to local HTML file |
| --brands | string | | Comma-separated brand list (paypal,amazon,apple,google,microsoft,facebook,instagram,twitter,netflix,linkedin) |
| --pro | flag | False | Enable Pro features |
| --bundle | flag | False | Enable Bundle features |
| --output | string | | Write JSON report to file |

Brand List

Supported brands for impersonation detection: paypal · amazon · apple · google · microsoft · facebook · instagram · twitter · netflix · linkedin · ebay · salesforce · dropbox · slack · zoom · steam · epic games · yahoo · cnn · chase · bank of america · wells fargo · capital one


Output Example

=== Phishing Kit Detector ===
Analyzing: https://fake-paypal.com/account/verify

  🔴 PHISHING KIT DETECTED (98% confidence)
  
  Artifact Analysis:
    Form action → credential harvest endpoint detected
    Hidden field → password re-entry field (credential capture)
    Credential autocomplete → enabled on sensitive fields
    Multiple forms → login + payment + PIN entry

  Brand Impersonation:
    Detected: PayPal (logo, CSS framework, brand colors)
    Stolen assets: 3 CSS files, 2 images from paypal.com
    Fake SSL badge detected

  Infrastructure:
    Free hosting provider detected (Freenom .tk domain)
    Suspicious TLD: .tk — commonly used in phishing
    Redirect chain: 2 hops before landing page
    Shared hosting IP — multiple malicious sites on same IP

  JavaScript Findings:
    Credential harvester script detected
    Keylogger injection found
    Redirect to: paypal.com.legit-site.ru

  Threat Level: CRITICAL — Sophisticated phishing kit with credential harvesting + keylogger

Pro Upgrade

Full phishing kit analysis + brand impersonation + JS analysis + infrastructure fingerprinting:

👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo


Support

Open a ticket in #edgeiq-support or email [email protected]


🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →

Security usage advice
This skill appears to implement phishing detection, but before installing or running it you should:
  1. Inspect the included files (phishing_detector.py and edgeiq_licensing.py) yourself or in a sandbox — they read/write ~/.edgeiq/*.
  2. Be cautious about setting EDGEIQ_EMAIL to unlock Pro features — that acts as a license bypass and is not a standard API key.
  3. Run scans only on domains you control or are authorized to test (the tool will fetch remote URLs).
  4. If you plan to pay for 'Pro' or 'Bundle', verify the vendor identity and Stripe links; the repository/homepage information in the skill is sparse.
  5. Prefer running the tool in an isolated VM or container and monitor outbound network traffic to ensure no unexpected exfiltration to unknown endpoints.
If you want higher assurance, ask the publisher for a canonical source (Git repo or homepage) and a clear privacy/telemetry statement.
Functional analysis
Type: OpenClaw Skill
Name: edgeiq-phishing-kit-detector
Version: 1.4.0
The skill is a legitimate security utility designed to analyze URLs or local HTML files for phishing indicators, such as brand impersonation and credential harvesting patterns. The code in `phishing_detector.py` uses standard libraries (`urllib`, `re`, `socket`) to perform its stated functions without any evidence of data exfiltration, unauthorized execution, or malicious persistence. While `edgeiq_licensing.py` contains a hardcoded developer email (`[email protected]`) to bypass licensing checks, this is a common software licensing practice and does not pose a security risk to the user's system.
Capability tags
crypto · can-make-purchases
Capability assessment
Purpose & Capability
The core functionality (HTML/JS analysis, URL fetching, brand signatures) matches the phishing-detector purpose. However, the bundle includes a separate licensing module that reads ~/.edgeiq/license.key and ~/.edgeiq/stripe_licenses.json and accepts EDGEIQ_EMAIL as a license shortcut; these side-effects are not declared in the registry metadata (which lists no required config paths or env vars). Reading/writing those files is outside the stated primary purpose and should be disclosed.
Instruction Scope
SKILL.md shows how to run scans and mentions using EDGEIQ_EMAIL to enable Pro features, but it does not call out that the code will read a license file in the user's home directory or accept an email as a license. The code will also fetch arbitrary remote URLs (expected for a scanner) — which is appropriate for the purpose but increases risk if run against unknown domains. The instructions do not disclose all data accesses performed by the included code.
Install Mechanism
There is no network install step or downloaded archive in the registry metadata; the skill is instruction-only with code files included. That is lower-risk than remote downloads. No package managers or external installers are invoked by the provided instructions.
Credentials
The registry declares no required env vars or credentials, yet both code files check the environment variable EDGEIQ_EMAIL and read license files under the user's home directory to enable Pro/Bundle features. Asking users to set EDGEIQ_EMAIL to unlock features is an unconventional and undeclared mechanism; reading home-directory files without declaring them is disproportionate to 'scan a URL' and should be explicit.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges. The only persistent artifact is the expected ~/.edgeiq/ license files accessed by the licensing module; the skill does not appear to modify other skills or global agent config.
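The gap this assessment describes, code that reads EDGEIQ_EMAIL and files under ~/.edgeiq/ while the registry metadata declares neither, can be checked statically before a skill is ever run. The following is an added example, not code from the skill or the marketplace: SAMPLE_SOURCE is a constructed stand-in for a licensing module, and find_undeclared with its declared_env / declared_paths parameters is a hypothetical helper.

```python
import ast  # ast.unparse and the Subscript.slice shape used here need Python 3.9+

# Constructed sample, NOT the real edgeiq_licensing.py: it only mimics the
# behaviour the assessment describes (EDGEIQ_EMAIL check, ~/.edgeiq reads).
SAMPLE_SOURCE = '''
import os, json
LICENSE_FILE = os.path.expanduser("~/.edgeiq/license.key")
def is_pro():
    if os.environ.get("EDGEIQ_EMAIL"):
        return True
    if os.getenv("HOME") and os.path.exists(LICENSE_FILE):
        return True
    with open(os.path.expanduser("~/.edgeiq/stripe_licenses.json")) as fh:
        return bool(json.load(fh))
'''

def _const_str(node):
    """Return the value of a string literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def find_undeclared(source, declared_env=(), declared_paths=()):
    """Statically list env vars and home-directory paths the code touches
    that are missing from the declared metadata (hypothetical helper)."""
    env, paths = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and node.args:
            func = ast.unparse(node.func)
            arg = _const_str(node.args[0])
            if arg and func in ("os.environ.get", "os.getenv"):
                env.add(arg)
        elif isinstance(node, ast.Subscript):
            if ast.unparse(node.value) == "os.environ":
                key = _const_str(node.slice)
                if key:
                    env.add(key)
        lit = _const_str(node)
        if lit and lit.startswith("~/"):
            paths.add(lit)
    return {
        "env": sorted(env - set(declared_env)),
        "paths": sorted(paths - set(declared_paths)),
    }

if __name__ == "__main__":
    print(find_undeclared(SAMPLE_SOURCE))
```

The check only sees string literals, so names or paths assembled at runtime will not appear; treat an empty result as "nothing obvious", not as a clean bill.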
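How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install edgeiq-phishing-kit-detector
  3. Once installation completes, invoke the Skill by name or trigger it with /edgeiq-phishing-kit-detector
  4. Provide the required inputs according to the Skill's parameter description to get structured output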
Version history
v1.4.0: URGENT FIX — corrected Stripe Payment Link URLs (no suffixes, correct live URLs)
v1.3.0: CRITICAL FIX — replaced placeholder Stripe URLs with real working Payment Link checkout URLs
v1.2.0: Dual pricing — Lifetime as primary purchase option with optional monthly. Updated Stripe checkout URLs.
v1.0.0: Initial release: phishing artifact detection, brand impersonation analysis, form action URL scoring, harvest endpoint detection, JavaScript analysis, infrastructure fingerprinting.
Metadata
Slug: edgeiq-phishing-kit-detector
Version: 1.4.0
License: MIT-0
Total installs: 0
Current installs: 0
Versions: 4
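FAQ

What is Phishing Kit Detector?

Detects phishing kit artifacts, brand impersonation, suspicious JavaScript, and infrastructure on URLs or local HTML to identify phishing kit clones. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 102 total downloads so far.

How do I install Phishing Kit Detector?

Run the command "/install edgeiq-phishing-kit-detector" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Phishing Kit Detector free?

Yes, Phishing Kit Detector is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Phishing Kit Detector support?

Phishing Kit Detector runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Phishing Kit Detector?

Developed and maintained by snipercat69 (@snipercat69); the current version is v1.4.0.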