Skills
skills/ramzxy/ctf/ctf-malware/Snyk

ctf-malware

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed API tokens and hardcoded passwords directly into code and API requests (e.g., the Telegram bot token in request URLs and hardcoded AES passwords/keys), which would require the model to handle or output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content includes numerous explicit high-risk malicious techniques (data exfiltration via Telegram and network C2, RC4/WSS and reverse-shell patterns, credential theft/keylogging, persistence and supply-chain attack checks, and extensive obfuscation/deobfuscation instructions) that can be directly reused for building or operating malware, so it presents a high potential for misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch user-generated content from the Telegram Bot API (e.g., requests.get("https://api.telegram.org/bot{TOKEN}/getUpdates") and file downloads), which is an open third-party source of untrusted, user-provided data the agent would read and interpret.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill prompt for literal, high-entropy values that could be used as real credentials.

Flagged:

  • key_source = '${8',`d0}n,~@J;oZ"9a' — this is a literal, random-looking string used in the example as the hardcoded source for key derivation (MD5 of hardcoded string). It is high-entropy and directly present in the doc as a usable secret-like value (would produce a deterministic encryption key), so I treat it as a hardcoded secret.

Ignored (reasons):

  • "TOKEN = "bot_token_here"" — placeholder, explicitly non-secret example.
  • "file_id = "..."", "bot_token_here" usage — placeholders/truncated values.
  • "password = b"hardcoded_password"" — low-entropy example, clearly an illustrative value.
  • "sk-live-24jds..." in the definition — truncated/redacted example (ellipses).
  • Any simple words like "hardcoded_password", "openclaw", etc. — documentation/example values or low-entropy setup passwords per rules.

Because at least one high-entropy, directly present hardcoded secret-like string was found (key_source), I mark the skill as containing a secret.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 12:53 AM