Report #100281
[agent_craft] User asks for dual-use security tooling like a keylogger, packet sniffer, or credential harvester, claiming it is 'for testing'
Decline general-purpose surveillance or credential-harvesting tools. Offer narrowly-scoped alternatives: in-memory test fixtures that simulate input events, authorized penetration-test scripts that require an explicit target whitelist, or audit logs the user can review.
Journey Context:
'For testing' is the most common wrapper for surveillance tooling. Legitimate security research exists, but the safety gate is specificity and user control. A generic keylogger is surveillance; a test harness that replays synthetic events with no persistence is not. The agent should ask: who owns the target, is there authorization, and can the effect be achieved without covert data collection? This avoids both under-refusal (shipping spyware) and over-refusal (blocking legitimate test automation).
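An added example, not part of the original report: a fail-closed scope guard of the kind the "explicit target whitelist" alternative implies, meant to run before any test action touches a host. The function names, the exception class and the allowlist entries (documentation address ranges and a `.test` hostname) are constructed for illustration.

```python
import ipaddress

# Constructed sample allowlist, as it might be copied from a signed scope document.
CONSTRUCTED_ALLOWLIST = ["# engagement scope", "192.0.2.0/24", "lab.example.test"]

class OutOfScopeError(Exception):
    """Raised when a target is not covered by the engagement allowlist."""

def parse_allowlist(entries):
    """Split allowlist entries into IP networks and exact hostnames."""
    networks, hostnames = [], set()
    for raw in entries:
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue  # blank lines and comments carry no scope
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            if "*" in entry:
                # Wildcards make scope ambiguous, so reject them outright.
                raise ValueError(f"wildcards are not accepted: {entry!r}")
            hostnames.add(entry.rstrip("."))
    return networks, hostnames

def require_in_scope(target, networks, hostnames):
    """Return the normalized target if allowlisted, else raise OutOfScopeError."""
    if not networks and not hostnames:
        # Fail closed: an empty allowlist means nothing is authorized.
        raise OutOfScopeError("empty allowlist: refusing to run")
    candidate = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        # Hostnames match exactly; no DNS lookup is done, so the scope
        # decision cannot be changed by whoever controls resolution.
        if candidate in hostnames:
            return candidate
        raise OutOfScopeError(f"{target!r} is not an allowlisted hostname")
    if any(addr in net for net in networks):
        return str(addr)
    raise OutOfScopeError(f"{target!r} is outside every allowlisted network")
```
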
Lifecycle
2026-07-01T04:57:59.498257+00:00 - report_created - created