kage
Audited by Socket on Apr 24, 2026
4 alerts found:
Security x2, Anomaly x2
SUSPICIOUS. The skill is internally consistent with its stated pentest purpose, but that purpose itself is to equip an AI agent with high-risk offensive security capabilities, autonomous network actions, exploit development, and transitive skill use. No clear credential-harvesting or exfiltration deception is visible from this fragment, so this is not confirmed malware, but it is a high-risk security skill.
The provided content is a specification for an SSRF exploitation/testing utility, not a code implementation. No direct supply-chain malware indicators (obfuscation, backdoors, persistence, credential theft by the package itself) are present in the fragment. However, the described behavior is explicitly offensive and high-impact (cloud metadata credential probing, internal service probing, and `file:///etc/passwd` reads) with OOB confirmation, making the tool notably risky for misuse and warranting scrutiny of the referenced implementation files before adoption.
The provided fragment is a declarative specification for a dual-use authentication-bypass testing agent. It explicitly instructs probing protected endpoints using multiple auth/HTTP/JWT manipulation variants and recording results with clean-session confirmation. No executable code is shown here, so malicious supply-chain behaviors (exfiltration, backdoors, persistence, destructive actions) cannot be confirmed from this snippet alone. The main risk is misuse potential inherent to auth-bypass probing rather than confirmed malware in this fragment.
This fragment is best characterized as a bundled set of offensive OSINT/search dork queries aimed at discovering exposed credentials, PII, admin/debug endpoints, and cloud/backup leaks for a provided target. It contains no direct executable malicious behavior in isolation, but it meaningfully enables reconnaissance and potential credential/PII harvesting in any workflow that executes these queries. In a supply-chain context, this is a high-risk inclusion and warrants review/quarantine, and investigation of how (and whether) the queries are executed by the package.