vermillion-hunter
Audited by Socket on Feb 16, 2026
1 alert found:

Malware [Skill Scanner]: Installation of third-party script detected

This skill is primarily a defensive/research tool for detecting DLL sideloading and COM hijacking vectors using Frida and local validation. However, it includes explicit, actionable attack steps and an automated validation path that requires copying and executing signed binaries and modifying registry entries; these capabilities make it dual-use and potentially dangerous if misused. No remote exfiltration or obfuscation is present, but the ability to execute and validate sideloads locally elevates the security risk. Run it only in controlled environments with proper authorization and auditing.

LLM verification: The skill provides legitimate and technically accurate Frida-based techniques to detect and validate DLL sideloading and COM hijacking. However, it is dual-use: the documentation details exploit steps and includes a mode to validate real malware sideloads (Dridex), increasing the risk of misuse. No direct malicious code or network exfiltration is present in the provided text, but the workflow facilitates local generation and execution of potentially malicious DLLs.

Recommend: (1) treat this reposito