performing-firmware-malware-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting and reporting hardcoded credentials, SSH keys, and /etc/shadow entries (password hashes) and provides report fields that would require the agent to include those secret values verbatim, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs running privileged operations (sudo mount/chroot, copying qemu static, chipsec SPI dumps, firmware flashing/dumping) that modify host state and require elevated access, so it encourages actions that can compromise the machine.