windows-lateral-movement
Audited by Socket on Apr 9, 2026
2 alerts found:
Malware x2
MALICIOUS: this skill’s stated purpose is offensive Windows lateral movement, and its actual footprint matches that malicious purpose across multiple dimensions. It teaches credential-enabled remote execution, pivoting, defense evasion, and transitive loading of more attack content; while most referenced tools are publicly known, the overall skill is incompatible with benign agent use.
The provided module content is an explicit, operational credential-dumping and secret-extraction playbook targeting Windows and Active Directory authentication material (LSASS, registry hives, DPAPI, cached creds, NTDS.dit), including local and remote extraction steps and references to evasion/bypass tactics. It contains no defensive purpose and is directly actionable for unauthorized credential theft, making it a critical supply-chain security concern.