reverse-engineering-dotnet-malware-with-dnspy
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting and documenting hardcoded credentials, decryption keys, and C2 configuration (including plaintext passwords) from assemblies, which requires the agent to output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is explicitly focused on .NET malware analysis but embeds and documents multiple high-risk malicious patterns (hardcoded C2/IPs and keys, stealer/RAT capabilities, data exfiltration channels like SMTP/HTTP/Telegram, persistence via registry/tasks, runtime string decryption and Assembly.Load fileless payloads, and obfuscation/decoding routines) that demonstrate deliberate malicious behavior and would directly reveal or facilitate backdoor/credential-theft and exfiltration workflows.
Issues (2)
- HIGH W007: Insecure credential handling detected in skill instructions.
- CRITICAL E006: Malicious code pattern detected in skill scripts.