Skip to main content

On This Page

12MB Rust CLI Refuses to Lie: KiloCheck Returns 0.0 Confidence on Suspicious Recruiter Pitch, Exposes Social Engineering Signal

3 min read
Share

These articles are AI-generated summaries. Please check the original sources for full details.

A Vibe Is Not a Verdict: I Built a Tool That’s Allowed to Say ‘I Don’t Know’

Developer Don Johnson built KiloCheck, a 12MB offline IP-reputation engine in Rust, to answer one question without vibes. When a suspicious recruiter email arrived, the tool returned ‘unknown’ with 0.0 confidence—refusing to guess despite the author’s gut screaming scam.

Why This Matters

The technical reality of threat triage is that analysts often rely on gut feelings and tools that inflate confidence to please their operators, leading to wasted effort on false positives and missed signals in social engineering. KiloCheck’s design—cryptographically verified offline lookups with an explicit ‘unknown’ state—proves that a tool which says ‘I don’t know’ under pressure is more valuable than one that guesses to match a user’s mood, as demonstrated by the author’s morning: a 0.0 verdict redirected analysis from a clean IP to the actual spam source, avoiding hours of dissecting a legitimate job board.

Key Insights

  • KiloCheck, written in Rust, uses a four-stage pipeline—ingest, normalize, compile, check—with cryptographically signed local snapshots and zero network calls at query time, ensuring offline operation.
  • The tool defines five distinct states—missing, unknown, stale, incomplete, unsafe—refusing to conflate ‘I don’t know’ with ‘safe’ or ‘bad,’ a design choice that prevented false positives during the author’s test.
  • A 0.0 confidence ‘unknown’ verdict on the recruiter’s host led the author to redirect analysis with curl and openssl, uncovering a legitimate job-traffic aggregator redirect and a lead-gen spammer, not malware.
  • The experiment validated that honest negatives reframe investigations: ‘my own tool solved the case by refusing to pretend,’ shifting focus from infrastructure to social engineering.
  • The toolchain of dig, KiloCheck, curl, and openssl composed via stable JSON, enabling typed conversations with reality where ‘exit codes matter [and] schemas matter.‘

Working Examples

Install and verify KiloCheck, an offline IP-reputation engine written in Rust. The update pulls a signed data release with 3160 claims, and the status check confirms integrity and freshness.

curl -fsSL https://raw.githubusercontent.com/copyleftdev/kilocheck/v0.2.0/scripts/install.sh | sh
kilo update # pulls the signed data release → prints "Claims 3160"
kilo status --json
# → "integrity": "verified", "freshness": "fresh"

Resolve a suspicious hostname to an IP address using dig, then check it with KiloCheck. The tool returns an honest ‘unknown’ verdict with 0.0 confidence when no evidence exists.

$ dig +short <the-redirect-host>
203.0.113.90

$ kilo check 203.0.113.90 --json | jq '.data[0].verdict'

{
"disposition": "unknown",
"confidence": 0.0,
"recommended_action": "monitor",
"reason_codes": ["NOT_OBSERVED"]
}

kilo check <your-suspicions-here> --json

Practical Applications

  • Use case: Security analysts triaging suspicious links can use KiloCheck to verify IP reputation offline before engaging potential threats. Pitfall: Relying on gut feeling or ‘vibes’ instead of evidence can lead to wasting time on false positives or missing real threats.
  • Use case: Developers can compose small, single-purpose CLI tools speaking stable JSON to build auditable investigation pipelines. Pitfall: Using chatty, all-in-one APIs that leak queries or return confident-sounding guesses (e.g., 0.0 confidence reported as ‘safe’) undermines trust in the tool’s output.
  • Use case: Teams designing threat-intelligence systems should model ‘unknown’ as a distinct state, not a shade of ‘safe’ or ‘bad.’ Pitfall: Smearing unknown with unsafe leads to alarm fatigue and loss of signal; smearing unknown with safe lulls operators into complacency.

References:

Continue reading

Next article

Developers Ditch Complex Agent Stacks for 'Taste Skills' — 343k Install Caveman to Curb AI Output

Related Content