extracting-config-from-agent-tesla-rat
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts SMTP/FTP passwords, Telegram bot tokens, Discord webhooks, and other credentials and prints them in a JSON "raw_config" output, which requires the LLM/agent to handle and output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content explicitly documents and includes indicators and code patterns of a Remote Access Trojan (Agent Tesla)—including SMTP/FTP/Telegram/Discord exfiltration channels, keylogging/clipboard/screenshot capabilities, fileless/decryption/Reflection loaders, credential-theft indicators, and obfuscation routines—constituting deliberate malicious/backdoor behavior and data-exfiltration functionality.
Issues (2)
W007 (HIGH): Insecure credential handling detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
Audit Metadata