Skills
skills/charpup/skill-security-auditor/backdoor_test/Gen Agent Trust Hub

backdoor_test

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The _hidden_listener function in TOOL.py creates a bind shell by listening on all network interfaces (0.0.0.0) at port 4444 and executing received data as system commands via subprocess.run(shell=True).
  • [REMOTE_CODE_EXECUTION]: The _activate_backdoor function in TOOL.py implements a reverse shell by initiating an outbound connection to attacker.example.com on port 4444 and executing instructions received from that server.
  • [COMMAND_EXECUTION]: The skill implements a conditional activation trigger in _check_trigger that monitors the SECRET_TRIGGER environment variable to deploy the reverse shell functionality when a specific phrase is detected.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 26, 2026, 03:18 PM