kernel-exploitation

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a high-risk, explicit kernel exploitation playbook providing step-by-step instructions to achieve local privilege escalation, arbitrary kernel/code execution, mitigation bypasses (SMEP/SMAP/KPTI/FG‑KASLR), and persistence techniques (modprobe_path, initramfs modification), and is therefore clearly intended to enable system compromise and potentially data theft.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime setup explicitly downloads and builds a remote Linux kernel via "wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.tar.xz", which fetches and results in executing remote code as a required dependency for the provided exploit workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill gives explicit, actionable instructions to escalate privileges and modify kernel and system state (commit_creds, modprobe_path overwrite, initramfs edits, running root scripts), which directly guide compromising the host.