android/implementing-android-code bitwarden | | The skill contains a suspicious base64-encoded payload and relies on external, unverified content, indicating a high risk of malicious code injection or unauthorized runtime data sourcing. | 9.0k | 40 | 3 | 40 Medium |
host-html/host-html phanosh | | This skill facilitates data exfiltration by transmitting local files to external endpoints, embeds hardcoded credentials, and executes unauthorized network and file operations while bypassing security constraints. | 1 | 5 | 10 | 70 High |
agent-orchestra/browser-canvas-testing Grimblaz | | The skill contains multiple suspicious base64-encoded blobs that likely function as obfuscated payloads to execute unauthorized code or bypass security controls. | 2 | – | 3 | 40 Medium |
servex/servex Tsukikage7 | | The skill contains obfuscated base64 payloads and performs unauthorized network and file operations while bypassing security constraints by failing to declare its tool surface. | 4 | – | 5 | 40 Medium |
claude-code-skill-security-check aliksir | | This malicious skill masquerades as a security tool while executing reverse shells, injecting persistent SSH access, and bypassing user oversight to exfiltrate credentials and perform unauthorized remote code execution. | 3 | – | 18 | 100 Critical |
buzz-bd-agent/atv-batch-skill buzzbysolcex | | The skill lacks declared tool constraints and network permissions while processing untrusted external data and integrating with opaque payment flows, creating significant risks for prompt injection and unauthorized exfiltration. | 5 | – | 9 | 70 High |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/analyzing-bootkit-and-rootkit-samples costrict-plugins-repo | | The skill executes unauthorized system commands and writes files using hidden hex-encoded payloads while bypassing all tool-access constraints and security oversight. | 17 | – | 2 | 40 Medium |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/analyzing-cobalt-strike-beacon-configuration costrict-plugins-repo | | The skill employs XOR-based payload obfuscation to decode and execute arbitrary shellcode, posing a significant risk of malicious code injection and unauthorized system execution. | 17 | – | 5 | 40 Medium |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/extracting-config-from-agent-tesla-rat costrict-plugins-repo | | This skill contains malicious keylogging functionality and uses XOR-based obfuscation to hide shellcode execution, indicating it is designed to steal sensitive user input and bypass security detection. | 17 | – | 8 | 100 Critical |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/performing-file-carving-with-foremost costrict-plugins-repo | | The skill executes arbitrary commands and writes files while obfuscating its intent through hex-encoded payloads, bypassing security constraints by failing to declare its required tool permissions. | 17 | – | 2 | 40 Medium |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/performing-malware-triage-with-yara costrict-plugins-repo | | The skill uses obfuscated shellcode to execute unauthorized system commands and file operations while bypassing security constraints by failing to declare its required tool permissions. | 17 | – | 3 | 40 Medium |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/reverse-engineering-android-malware-with-jadx costrict-plugins-repo | | This skill masquerades as a cybersecurity tool but contains a keylogger and uses XOR-based obfuscation to execute malicious shellcode, posing a severe threat to user data and system integrity. | 17 | – | 3 | 100 Critical |
mukul975-anthropic-cybersecurity-skills-cybersecurity-skills/reverse-engineering-malware-with-ghidra costrict-plugins-repo | | Uses XOR-based obfuscation to hide and execute malicious shellcode, indicating a clear intent to bypass security analysis and perform unauthorized code execution. | 17 | – | 3 | 40 Medium |
pombocyber-skills-cybersec/analyzing-bootkit-and-rootkit-samples maux339-cpu | | The skill executes obfuscated hex-encoded payloads and performs unauthorized system operations without declaring necessary tools, posing a significant risk of arbitrary code execution and system compromise. | 0 | – | 2 | 40 Medium |
pombocyber-skills-cybersec/analyzing-cobalt-strike-beacon-configuration maux339-cpu | | The skill employs XOR-based obfuscation to hide malicious shellcode, indicating it is designed to execute unauthorized payloads and evade security detection mechanisms. | 0 | – | 5 | 40 Medium |
pombocyber-skills-cybersec/extracting-config-from-agent-tesla-rat maux339-cpu | | This skill contains malicious keylogging functionality and uses XOR-based obfuscation to hide its execution of unauthorized shellcode, indicating it is a credential-stealing malware component. | 0 | – | 8 | 100 Critical |
pombocyber-skills-cybersec/performing-file-carving-with-foremost maux339-cpu | | The skill executes unauthorized system commands and writes files using hidden hex-encoded payloads while bypassing all tool-access constraints and security oversight. | 0 | – | 2 | 40 Medium |
pombocyber-skills-cybersec/performing-malware-triage-with-yara maux339-cpu | | The skill uses XOR-based obfuscation to hide malicious payloads and executes unauthorized system commands without declaring necessary tools, posing a significant risk of arbitrary code execution. | 0 | – | 3 | 40 Medium |
pombocyber-skills-cybersec/reverse-engineering-android-malware-with-jadx maux339-cpu | | This skill masquerades as a reverse engineering tool but contains a keylogger and uses XOR-based obfuscation to execute malicious shellcode, posing a severe security risk. | 0 | – | 3 | 100 Critical |
pombocyber-skills-cybersec/reverse-engineering-malware-with-ghidra maux339-cpu | | The skill facilitates arbitrary code execution by running untrusted scripts and binaries in an unsandboxed environment while risking the exfiltration of sensitive malware configuration data. | 0 | – | 6 | 70 High |
skill-library-mcp/arena modbender | | This skill uses deceptive consent framing to bypass security checks, exfiltrates workspace data to an attacker-controlled repository, and enables remote instruction injection via unauthenticated third-party API endpoints. | 9 | – | 18 | 70 High |
skill-library-mcp/astock-multiagent-research modbender | | The skill contains suspicious base64-encoded payloads and an unconstrained deployment tool that could be exploited to exfiltrate sensitive data or host malicious content. | 9 | – | 3 | 40 Medium |
skill-library-mcp/ethosmolt modbender | | This skill facilitates unauthorized financial transactions, exfiltrates sensitive API keys and credentials to an attacker-controlled database, and lacks necessary security constraints, posing a severe risk of total account compromise. | 9 | – | 23 | 70 High |
skill-library-mcp/moltmon modbender | | The skill embeds hardcoded API keys and exfiltrates agent identity data to a third-party server, creating a persistent, trackable profile of the agent's activity without user consent. | 9 | – | 6 | 40 Medium |
skill-library-mcp/musiclaw modbender | | This skill exfiltrates sensitive API keys and PII to third-party servers while implementing a dangerous remote code execution mechanism that allows attackers to inject arbitrary instructions into the agent. | 9 | – | 15 | 100 Critical |
skill-library-mcp/nest-devices modbender | | This skill masquerades as a Nest device controller while exfiltrating private camera footage to Telegram and executing unverified binaries, all while bypassing security constraints by failing to declare required tools. | 9 | – | 9 | 70 High |
skill-library-mcp/omni-stories modbender | | This skill executes unverified remote code, exfiltrates API keys via insecure shell arguments, and establishes persistent, autonomous background processes while suppressing the agent's safety-critical judgment. | 9 | – | 19 | 100 Critical |
skill-library-mcp/onemind modbender | | The skill lacks necessary tool constraints, contains suspicious hidden payloads and irrelevant crypto-assets, and exposes the agent to indirect prompt injection by processing untrusted, attacker-controlled remote database content. | 9 | – | 9 | 40 Medium |
skill-library-mcp/skill-security-reviewer modbender | | This malicious skill employs obfuscated payloads, reverse shells, and unauthorized remote code execution to exfiltrate credentials and hijack the agent while actively evading security analysis and sandbox detection. | 9 | – | 17 | 100 Critical |
Anthropic-Cybersecurity-Skills/analyzing-bootkit-and-rootkit-samples mukul975 | | The skill executes unauthorized system commands and writes files using hidden hex-encoded payloads while bypassing all tool-access constraints and security oversight. | 16.8k | – | 2 | 40 Medium |
Anthropic-Cybersecurity-Skills/analyzing-cobalt-strike-beacon-configuration mukul975 | | The skill employs XOR-based payload obfuscation to decode and execute arbitrary shellcode, posing a significant risk of malicious code injection and unauthorized system execution. | 16.8k | – | 5 | 40 Medium |
Anthropic-Cybersecurity-Skills/extracting-config-from-agent-tesla-rat mukul975 | | This skill contains malicious keylogging functionality and uses XOR-based obfuscation to hide shellcode execution, indicating it is designed to steal sensitive user input and bypass security detection. | 16.8k | – | 8 | 100 Critical |
Anthropic-Cybersecurity-Skills/performing-file-carving-with-foremost mukul975 | | The skill executes arbitrary commands and writes files while obfuscating its intent through hex-encoded payloads, bypassing security constraints by failing to declare its required tool permissions. | 16.8k | – | 2 | 40 Medium |
Anthropic-Cybersecurity-Skills/performing-malware-triage-with-yara mukul975 | | The skill uses obfuscated shellcode to execute unauthorized system commands and file operations while bypassing security constraints by failing to declare its required tool permissions. | 16.8k | – | 3 | 40 Medium |
Anthropic-Cybersecurity-Skills/reverse-engineering-android-malware-with-jadx mukul975 | | This skill masquerades as a cybersecurity tool but contains a keylogger and uses XOR-based obfuscation to execute malicious shellcode, posing a severe threat to user data and system integrity. | 16.8k | – | 3 | 100 Critical |
Anthropic-Cybersecurity-Skills/reverse-engineering-malware-with-ghidra mukul975 | | Uses XOR-based obfuscation to hide and execute malicious shellcode, indicating a clear intent to bypass security analysis and perform unauthorized code execution. | 16.8k | – | 3 | 40 Medium |
openweb/google-flights openweb-org | | The skill contains suspicious base64-encoded blobs that may represent a hidden payload, posing a potential security risk despite the lack of a specified license. | 9 | – | 2 | 40 Medium |
easyeda-pro-claude-skill v0id-byte | | This skill masquerades as an official tool while containing hidden payloads, insecure network configurations, and undeclared capabilities that bypass security constraints to execute unauthorized system and network operations. | 0 | – | 7 | 40 Medium |