lockpick

High-risk offensive security skill. Its capabilities are internally consistent with its declared pentest/privesc purpose, so it is not disguised malware, but it enables credential harvesting, privilege escalation, container/Kubernetes breakout, and lateral movement with real-world impact. Treat as dangerous offensive tooling for AI agents, not benign developer guidance.

This fragment is highly suspicious and consistent with malicious credential-harvesting and post-exploitation guidance. It targets numerous high-value secret locations (VPN keys/certs/PSKs, Terraform/Ansible secrets, cloud IMDS temporary credentials, Kubernetes admin/etcd/sealed-secrets/service-account tokens, and CI/CD credentials) and then describes how to reuse them to pivot for lateral movement. If present in a software supply-chain artifact, it should be treated as a severe security concern and investigated for actual execution paths (install/runtime scripts, bundled binaries, and any code that could perform extraction/exfiltration).

This fragment is a highly actionable offensive playbook for container breakout and host compromise. It explicitly instructs how to detect container context, identify misconfigurations (notably Docker daemon exposure and privileged/capability states), and then execute host takeover steps including privileged Docker API abuse, host filesystem tampering for persistence, cgroup/kernel escape triggers, and optional remote script download/execution. If present in a software dependency or automation artifact, it represents severe malicious-use potential and should be treated as hostile content.

High-risk malicious capability content: this fragment is an attacker playbook that enables reverse shells (interactive /bin/bash over TCP), tunneling/pivoting into internal networks, internal recon, and file transfer/data theft workflows (including sensitive file retrieval examples). If included in a software supply-chain package, it would materially increase the chance of compromise and post-exploitation control; it should be treated as a severe security concern.

The provided fragment is a weaponized Linux privilege-escalation and compromise cheat sheet. It contains highly actionable commands for obtaining elevated privileges (including sudo abuse, dynamic loader injection, SUID/cron/capability exploitation) and includes an explicit sensitive credential exfiltration example (/etc/shadow to an attacker endpoint). No obfuscation is present; the danger comes from direct compromise/payload guidance. If included in any software supply chain, treat as critically high risk and do not deploy or redistribute it without strict isolation and justification.