skills/galiais/ctf-sandbox-orchestrator/competition-linux-credential-pivot/Socket

competition-linux-credential-pivot

Warn

Audited by Socket on Mar 31, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能与其宣称的 CTF/Linux 凭据横向移动分析目的基本一致，不像伪装成别的用途来偷取数据；但它本质上是在赋予 AI 代理攻击性安全能力，并围绕高敏感凭据、重放验证和横向移动展开。缺少可验证的沙箱强制控制，导致一旦被用于非预期环境会有较高安全风险。整体应归类为 SUSPICIOUS：不是确认恶意软件，但属于高风险 offensive-security skill。

Confidence: 89%Severity: 76%

Audit Metadata

Analyzed At

Mar 31, 2026, 12:17 PM

Package URL

pkg:socket/skills-sh/GALIAIS%2FCTF-Sandbox-Orchestrator%2Fcompetition-linux-credential-pivot%2F@bc04a5da87ec42e864d754206a1fea6d02b85a15