Ctf Malware

v1.0.0

Provides malware analysis and network traffic techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom crypto protoco...

Security Scan
VirusTotal: Pending (report not yet available)
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the content: the SKILL.md and supporting docs provide static/dynamic malware-analysis techniques, tool lists, and code snippets. Required capabilities (running strace/tcpdump, reading memory, installing analysis packages) are consistent with that purpose. Minor inconsistency: SKILL.md metadata sets user-invocable: "false" while the registry flags list user-invocable as enabled.
Instruction Scope
Instructions explicitly direct the agent/operator to run and monitor potentially malicious samples (strace/ltrace, tcpdump, running samples, dumping /proc/<pid>/mem, using sudo), to install many analysis packages, and to call external APIs (e.g., Telegram API examples). These are expected for malware analysis but are high-risk operations: they require privileged access and an isolated sandbox. The instructions do not attempt to read unrelated secrets or other skills' configs.
Install Mechanism
This is instruction-only (no install spec or code files executed by installer). The SKILL.md lists packages to pip/apt/brew-install, but no automated download/install steps are embedded in the skill itself. That minimizes installer risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Some examples show use of tokens (Telegram bot token) as part of analysis workflows — these are placeholders for analyst-supplied secrets and not required by the skill itself. Overall, requested environment access is proportionate to malware-analysis tasks.
Persistence & Privilege
The skill is not marked always:true and has no install-time persistence. It does require a filesystem-capable agent to fully follow its instructions (metadata notes compatibility with agents that can run bash/Python), which is expected for an analysis guide. Note the metadata/user-invocable mismatch mentioned above.
Assessment
This skill is essentially a detailed malware-analysis cheat-sheet and is internally consistent with that purpose. However:
- Do NOT run these commands on your primary machine. The instructions intentionally execute and inspect malicious samples, read process memory, and start network captures. Run them only in an isolated, up-to-date VM or hardened sandbox that holds no sensitive data and has no network path to production systems.
- Several commands require sudo or elevated privileges (tcpdump, reading /proc/<pid>/mem, installing packages). Grant those only in controlled environments.
- The skill contains examples that use tokens (Telegram bot token) and shows how to fetch data when such a token is present. Never supply real production tokens unless you understand the consequences. The skill does not require any env vars by default.
- There is a metadata mismatch: SKILL.md sets user-invocable: "false" while registry metadata indicates the skill is user-invocable. Verify which is intended before enabling autonomous invocation.
- Verify the skill author/source before installing or following instructions; this bundle came from an unknown source. If you plan to allow the agent to execute commands, restrict the agent's execution privileges and network access (no internet, or limited and monitored egress) and prefer manual invocation over autonomous runs.
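The user-invocable mismatch above is worth checking mechanically before enabling any skill, because a quoted "false" in frontmatter is a non-empty string and therefore truthy to a naive check. The following is an added example, not code from the skill or the OpenClaw registry: it parses the flat key/value lines of a SKILL.md frontmatter block, normalises quoted YAML-style booleans, and reports every flag on which the skill's own metadata and the registry disagree. The frontmatter layout, the `user-invocable`/`always` key names and the registry flags dictionary are assumptions constructed for this example.

```python
import re

# Constructed sample SKILL.md, modelled on the mismatch described in the report
# (user-invocable given as the quoted string "false"). The exact OpenClaw
# frontmatter layout is an assumption for this example.
SAMPLE_SKILL_MD = '''---
name: ctf-malware
description: Provides malware analysis and network traffic techniques for CTF challenges.
user-invocable: "false"
always: false
---
# CTF Malware

Static and dynamic analysis notes...
'''

# Constructed registry flags, as the listing reports them (user-invocable enabled).
SAMPLE_REGISTRY_FLAGS = {"user-invocable": True, "always": False}

FRONTMATTER_RE = re.compile(r"\A---\n(.*?)\n---\n", re.S)


def parse_frontmatter(text):
    """Return top-level key/value pairs from a YAML-style frontmatter block.
    Only flat `key: value` lines are handled; indented (nested) keys and
    comments are skipped. Values are returned as raw strings."""
    m = FRONTMATTER_RE.match(text)
    if not m:
        return {}
    fields = {}
    for line in m.group(1).splitlines():
        if not line or line.startswith((" ", "\t", "#")):
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def as_bool(value):
    """Normalise YAML-ish booleans. Surrounding quotes are stripped first,
    because the string "false" is truthy under a plain bool() check."""
    if isinstance(value, bool):
        return value
    v = str(value).strip().strip('"\'').lower()
    if v in ("true", "yes", "on", "1"):
        return True
    if v in ("false", "no", "off", "0", ""):
        return False
    raise ValueError(f"not a boolean: {value!r}")


def flag_mismatches(skill_md, registry_flags, keys=("user-invocable", "always")):
    """Compare boolean flags declared in SKILL.md with the registry's view.
    Returns {key: (skill_value, registry_value)} for every disagreement;
    keys missing on either side are not reported."""
    declared = parse_frontmatter(skill_md)
    mismatches = {}
    for key in keys:
        if key not in declared or key not in registry_flags:
            continue
        skill_val = as_bool(declared[key])
        reg_val = as_bool(registry_flags[key])
        if skill_val != reg_val:
            mismatches[key] = (skill_val, reg_val)
    return mismatches


if __name__ == "__main__":
    found = flag_mismatches(SAMPLE_SKILL_MD, SAMPLE_REGISTRY_FLAGS)
    for key, (skill_val, reg_val) in found.items():
        print(f"{key}: SKILL.md={skill_val} registry={reg_val} "
              "-> resolve before enabling autonomous invocation")
```

Run it against the real SKILL.md and the flags shown on the listing; any reported key is one where the registry would grant a capability the skill's author did not declare, and the safe default is to treat the more restrictive value as authoritative until the author confirms otherwise.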


License

MIT-0
Free to use, modify, and redistribute. No attribution required.
