kernel-exploitation
Audited by Socket on Apr 9, 2026
3 alerts found:
Security x3

The provided fragment is not a software library implementation; it is an explicit kernel exploitation/mitigation-bypass instruction playbook containing actionable, privilege-escalation-oriented guidance (including KASLR derivation, CR4/SMEP/SMAP bypass concepts, KPTI trampoline return-to-user logic, FG-KASLR derandomization strategies, and CFI bypass discussions). No runtime malicious behavior (network/file/process execution) is present in this snippet itself, but its operational nature makes it a serious security concern if included in a dependency artifact.
This fragment is not executable malware; it is highly actionable kernel exploitation documentation. While no backdoor, credential theft, or network exfiltration behavior is present in the provided content, its detailed guidance for arbitrary kernel read/control-flow (msg_msg, pipe_buffer/ops->release, DirtyPipe-style concepts) makes it a significant security risk due to facilitating real-world exploitation if shipped within a dependency.
SUSPICIOUS: The skill is internally coherent and uses mostly legitimate tooling, but its core function is to equip an AI agent with offensive kernel exploitation and privilege-escalation procedures. That makes it high security risk by capability, though not confirmed malware or credential theft.