Metasploit Framework
Fail
Audited by Snyk on Mar 9, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content provides explicit, actionable instructions for creating and deploying reverse shells/payloads, harvesting credentials (hashdump, credential_collector), keylogging, persistence, privilege escalation, AV evasion (encoders, evasion modules), and handlers — all clear backdoor/remote-code-execution and data-exfiltration techniques that can be used maliciously despite mentions of authorization.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The prerequisites include a curl command that downloads and then executes remote installer code from https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb (saved as msfinstall and run), which is a runtime-fetched remote script executed as a required dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs running privileged system commands (e.g., "sudo systemctl start postgresql", "sudo msfdb init"), installing software, and generating/writing payloads and persistence artifacts — all of which modify the host system state and can require or encourage sudo/elevation.