skill-vetter

vivi-skill-vetter · v · by

60.6

Trust Score

Trust Tier

danger

Badge

[CRITICAL] Base64 decoding of potentially obfuscated payloads (line 95)
base64.b64decode("...") # Decoding hidden code

[CRITICAL] Base64 decoding of potentially obfuscated payloads (line 96)
exec(base64.b64decode(...)) # Executing hidden code

[CRITICAL] Remote code download and execution via curl pipe (line 32)
curl ... | bash # Remote code execution

[CRITICAL] Remote code download and execution via curl pipe (line 33)
curl ... | sh # Remote code execution

[HIGH] Shell command execution (line 96)
exec(base64.b64decode(...)) # Executing hidden code

[CRITICAL] Reverse shell via netcat (line 51)
nc -e /bin/sh ... # Reverse shell

[CRITICAL] Remote script download piped to shell execution (line 32)
curl ... | bash # Remote code execution

[CRITICAL] Remote script download piped to shell execution (line 33)
curl ... | sh # Remote code execution

[CRITICAL] Remote script download piped to shell execution (line 34)
wget ... -O - | sh # Remote code execution

[LOW] Skill appears to use network but declares no permissions

[HIGH] Content contains alarming words not in description: backdoor

No findings.

No findings.

[CRITICAL] Download piped directly to interpreter (two-stage loader) (line 32)
curl ... | bash # Remote code execution

[CRITICAL] Download piped directly to interpreter (two-stage loader) (line 33)
curl ... | sh # Remote code execution

[CRITICAL] Download piped directly to interpreter (two-stage loader) (line 34)
wget ... -O - | sh # Remote code execution

[CRITICAL] SSH key file access or exfiltration (line 69)
cat ~/.ssh/id_rsa # SSH key access

No findings.