Credential Harvesting Lab Setup

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly creates plaintext credential logs and instructs the agent to view them with commands such as `cat /var/www/html/login_log.txt` and `tail -f`. Following those instructions means an agent reads captured secrets and repeats them verbatim in its output, which is a direct exfiltration path.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill provides explicit, actionable step-by-step instructions for ARP/DNS spoofing, phishing page creation, and credential logging that directly enable credential theft and man-in-the-middle attacks. A single mention of authorization does not change the assessment: the instructions are equally usable without it.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run numerous sudo commands, install packages, and modify system files and service state (e.g., editing /etc/sysctl.conf and Apache files, stopping systemd-resolved, enabling IP forwarding). These changes to host and network configuration exist only to perform ARP/DNS spoofing and credential capture, and they leave the machine in an altered, insecure state.
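The three findings above are pattern matches over the skill's instruction text. As an added illustration (not Snyk's scanner, and not code from the audited skill), the following script shows how such a check can be expressed: a small rule set keyed on the report's W007/E006/W013 labels, run line by line over a constructed skill file, with a verdict derived from the highest severity hit. The patterns, severities and pass/fail threshold are my own assumptions; the sample skill text is constructed from the commands and steps the findings name, and the benign sample is there to show the rules do not fire on ordinary log inspection.

```python
"""Illustrative static scanner for AI-agent skill instructions.

Added example. The rule IDs W007/E006/W013 reuse the audit report's labels, but
the regexes, severities and verdict threshold are assumptions, not Snyk's logic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line_no: int
    text: str


SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

# (rule id, severity, pattern). Patterns are kept narrow on purpose so that a
# benign skill that inspects its own logs does not trip the credential rule.
RULES = [
    # W007: reading back a file whose name says it holds captured credentials
    ("W007", "HIGH", re.compile(
        r"\b(cat|tail(?:\s+-f)?|less|more)\s+\S*(login_log|credential|password|creds?)[\w./-]*",
        re.IGNORECASE)),
    # E006: tooling or wording that only makes sense for spoofing / phishing
    ("E006", "CRITICAL", re.compile(
        r"\b(arpspoof|dnsspoof|ettercap|bettercap|arp\s+spoof\w*|dns\s+spoof\w*|phishing\s+page)\b",
        re.IGNORECASE)),
    # W013: privileged changes to host or network state
    ("W013", "MEDIUM", re.compile(
        r"(sudo\s+(apt(?:-get)?\s+install|tee\s+-a\s+/etc/sysctl\.conf"
        r"|systemctl\s+(?:stop|disable)\s+systemd-resolved)"
        r"|net\.ipv4\.ip_forward\s*=\s*1)",
        re.IGNORECASE)),
]

# Constructed sample built from the steps the audit findings describe.
SAMPLE_SKILL = """\
# Credential Harvesting Lab Setup
Step 1: sudo apt-get install apache2 dsniff
Step 2: echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
Step 3: sudo systemctl stop systemd-resolved
Step 4: Run arpspoof between the victim and the gateway
Step 5: Check captured logins with tail -f /var/www/html/login_log.txt
"""

# Constructed benign control: reads a log, but not a credential log.
BENIGN_SKILL = """\
# Log Rotation Helper
Step 1: tail -n 20 /var/log/app/rotate.log
Step 2: Document the rotation schedule in README.md
"""


def scan_skill(text: str) -> list[Finding]:
    """Return at most one finding per (line, rule) for every rule that matches."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, severity, line_no, line.strip()))
    return findings


def risk_level(findings: list[Finding]) -> str:
    """Overall risk is the single worst finding, LOW when there are none."""
    if not findings:
        return "LOW"
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__)


def verdict(findings: list[Finding]) -> str:
    """Assumed policy: any HIGH or CRITICAL finding fails the audit."""
    return "Fail" if SEVERITY_RANK[risk_level(findings)] >= SEVERITY_RANK["HIGH"] else "Pass"


if __name__ == "__main__":
    for name, skill in (("sample", SAMPLE_SKILL), ("benign", BENIGN_SKILL)):
        hits = scan_skill(skill)
        print(f"{name}: {verdict(hits)} (risk {risk_level(hits)})")
        for f in hits:
            print(f"  {f.severity:8} {f.rule} line {f.line_no}: {f.text}")
```

The useful property of a scanner like this is that it reasons about what the agent would be made to do (read a credential log aloud, reconfigure the host, run spoofing tools), not about whether the text says the activity is authorized; that is why the constructed sample fails regardless of any wording about permission.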
Audit Metadata

Analyzed: Feb 16, 2026, 01:14 PM