skill-security-protocol
nyx-archive-skill-security-protocol · v1.1.0 · by
55.8
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 40.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 108)
| **Download and execute patterns** | Classic malware delivery | `curl ... \| bash`, `wget && chmod +x` |
[HIGH] Prompt injection or system override attempt
(line 281)
**How to catch:** Read the full SKILL.md. Look for instructions like "ignore previous instructions," "you are now," "ove
[CRITICAL] Remote script download piped to shell execution
(line 108)
| **Download and execute patterns** | Classic malware delivery | `curl ... \| bash`, `wget && chmod +x` |
[MEDIUM] Cron job installation or modification
(line 43)
- Modify system files (configs, SSH keys, crontabs)
[MEDIUM] Cron job installation or modification
(line 110)
| **Persistence mechanisms** | Surviving reboots without consent | Adding to crontab, systemd, `.bashrc` |
[MEDIUM] Cron job installation or modification
(line 188)
crontab -l
[MEDIUM] Cron job installation or modification
(line 204)
- No crontab entries added
[MEDIUM] Cron job installation or modification
(line 277)
**How to catch:** Post-install verification. Check crontab, processes, and system services after installation.
[MEDIUM] Cron job installation or modification
(line 334)
crontab -l
[MEDIUM] System hosts file modification
(line 102)
| **Shell scripts modifying system files** | Can alter configs, SSH keys, firewall rules | `echo >> /etc/hosts` |
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 40
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 281)
**How to catch:** Read the full SKILL.md. Look for instructions like "ignore previous instructions," "you are now," "ove
[HIGH] Content contains alarming words not in description: exfiltrate, malware, override
CLICKFIX — Score: 65
[CRITICAL] Instructs user to pipe downloaded content to shell
(line 108)
| **Download and execute patterns** | Classic malware delivery | `curl ... \| bash`, `wget && chmod +x` |
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 108)
| **Download and execute patterns** | Classic malware delivery | `curl ... \| bash`, `wget && chmod +x` |
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.