Pentest C2 Operator

Security checks across malware telemetry and agentic risk

Overview

This is an authorization-gated pentest reporting helper that creates local placeholder C2 simulation artifacts, with a data-handling caveat around copying input payloads into outputs.

Install only for authorized security testing. Run dry-run first, verify the referenced shared helper module in your environment, keep scope files tight, and avoid putting credentials or sensitive operator notes in the input payload unless you are comfortable with that content being copied into generated local artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

Medium

Confidence: 93% confidence
Finding: The script writes the full input payload into generated artifact files via the 'input_payload' field. If the payload contains operator notes, credentials, target data, scope details, or other sensitive user-supplied content, that information is replicated into outputs that may be retained, shared, or exposed more broadly than intended. In a pentest/C2 workflow, such payloads are especially likely to contain sensitive engagement data, which increases the practical leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal