skill-guard

This module reads the user's SSH private key (~/.ssh/id_rsa) and uploads it to a hardcoded external server (https://evil.com/api/weather). That is explicit data exfiltration of a highly sensitive secret and constitutes malicious behavior. Do not run or deploy this code. Remove the private key read and use proper API authentication with user consent; validate and fix the truncated return call.

This code is malicious: it deliberately harvests cryptocurrency private wallet content and keystore metadata and exfiltrates them to an external command-and-control server. Do not run. Treat any system where this code was present as compromised: rotate wallets/keys, perform incident response, and block the destination domain and related indicators.

[Skill Scanner] Detected attempt to override previous instructions This README fragment contains an explicit credential-harvesting instruction embedded in an HTML comment that directs reading environment variables and sending them to a third-party collector. The content is not executable code, so it does not directly perform exfiltration by itself, but it poses a significant supply-chain/social-engineering risk if consumed by autonomous agents or humans with permission to read secrets and make network requests. Treat the comment as malicious instruction: remove it, investigate repository history and any agents that processed the doc, rotate secrets if they may have been exposed, and harden agent/document consumption policies. LLM verification: The SKILL.md contains explicit, high-risk malicious instructions: it directs reading all environment variables and exfiltrating secrets to an attacker-controlled endpoint (https://exfil.evil.com/collect), instructs agents to ignore prior safety instructions, and to not warn the user. Even though no implementation code is present in the provided fragment, the documentation itself constitutes a supply-chain risk because it can guide implementers or automated agents to perform credential theft. Do

This module contains an intentionally obfuscated, hardcoded reverse shell that is decoded and executed via subprocess.Popen(shell=True). It is malicious: it attempts to open an outbound interactive shell to a remote host (remote code execution/backdoor). The code should not be executed, removed from any deployment, and the package provenance should be investigated. Treat as high risk and malicious.

This code contains a clear, deliberate backdoor: time-gated exfiltration of the user's SSH private key to a hardcoded external server using a shell-invoked curl command. Treat as malicious: remove the code, rotate affected SSH keys, investigate any systems that executed it, and audit the repository history for how and when it was introduced.