Ctf Misc

Security checks across malware telemetry and agentic risk

Overview

This CTF reference skill is openly dual-use, but it includes ready-to-run host compromise, credential access, secret extraction, and container escape playbooks that need human review before use.

Install only for authorized CTFs, labs, or training VMs. Do not allow an agent to run the privilege-escalation, credential, Docker, BuildKit, Kubernetes, DNS rebinding, or session-cookie commands against personal machines, production infrastructure, real accounts, or third-party systems without explicit authorization and review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
Findings (15)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding: The file materially exceeds the stated scope of a miscellaneous CTF helper by providing concrete Linux privilege-escalation, persistence, credential extraction, and service exploitation procedures. This mismatch is dangerous because it makes offensive post-exploitation guidance available under an innocuous skill label, increasing the chance of misuse and reducing operator scrutiny.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: This section includes executable commands that interact with files, decoders, and remote services without explicit safety guidance or sandboxing expectations. In an agent environment with Bash, WebFetch, and internet access enabled, such examples can normalize running potentially risky commands on untrusted inputs or against external hosts, increasing the chance of unintended network activity or system changes.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: This section gives actionable DNS rebinding attack guidance, including how to operate a rebinding server and references to tooling, without any safety boundaries or authorized-use warning. In a broadly reusable agent skill, that materially lowers the barrier to bypassing browser same-origin and network-based access controls against localhost or internal services.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The DNS tunneling/exfiltration section includes concrete decoding and investigation workflows for exfiltrated data, framed as PCAP analysis, but it normalizes exfiltration techniques without warning about privacy or misuse. In an agent skill, this can support unauthorized recovery or handling of stolen data and facilitate real-world data-theft tradecraft.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: This section explicitly instructs readers to decode Flask session cookies to reveal hidden game state, including correct answers, and states that no secret is needed for reading. Even in a CTF context, this normalizes inspecting signed-but-unencrypted session data without warning that real applications may place sensitive information in client-visible cookies. Because the skill is a general-purpose agent skill and not tightly scoped to sandboxed targets, it increases the chance the technique could be applied to non-CTF systems or mishandled against real session data.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: This section gives explicit shellcode and ROP guidance to obtain code execution and read flags, but provides no safety framing, access constraints, or warning about system integrity impact. In a reusable agent skill, such actionable exploit content can directly enable offensive misuse beyond CTF contexts, especially because the steps are concrete and transferable.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding: The markdown provides step-by-step instructions for abusing BuildKit to extract mounted secrets, including a nested Dockerfile attack and output-forcing trick. Because BuildKit and CI secret mounts exist in real environments, this is a practical secret-exfiltration playbook, not merely abstract discussion, and the lack of privacy/credential handling warnings increases misuse risk.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding: This section documents multiple real-world container escape paths, including privileged breakout, docker.sock abuse, and CAP_SYS_ADMIN release_agent execution, without any warning about host compromise risk. These are directly actionable post-compromise escalation techniques that can lead to full host takeover and data theft if reused outside a CTF sandbox.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The section explains how to escape restricted vim and execute commands as another user via custom vimrc and embedded Python, including sudo invocation examples. This is actionable privilege abuse content that can be applied to misconfigured production environments, and the absence of warnings or authorization boundaries makes the skill more dangerous.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The document contains step-by-step instructions for sudo abuse, root execution, password resets, SUID creation, file exfiltration, and proxy pivoting without any safety framing, authorization requirements, or lab-only constraints. In a skill context, this makes the content more dangerous because it is packaged as an actionable operator aid rather than a defensive analysis or high-level educational overview.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: This document contains explicit sandbox escape, shell execution, file-reading, and code-execution payloads such as `os.system`, `exec`, and reading `/flag.txt`, with operational guidance for exploiting Python jails. Even though framed as CTF material, it is still a high-risk dual-use capability because it can be directly repurposed against real sandboxed Python services or embedded execution environments.

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Content:
### Variations

**Execute arbitrary code via exec + code object:**
```python
def __code__():
    0
```
Confidence: 94%
Finding: Execute arbitrary code

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:
---

## Sudo Wildcard Parameter Injection via fnmatch (Dump HTB)

Sudo's `fnmatch()` matches `*` across argument boundaries including spaces, allowing injection of extra flags into a locked-down sudo command.
Confidence: 95%
Finding: Sudo

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
```sql
-- Copy bash with SUID to PostgreSQL data directory
COPY (SELECT '') TO PROGRAM 'cp /bin/bash /var/lib/postgresql/14/main/bash && chmod 4777 /var/lib/postgresql/14/main/bash';
-- After backup cronjob runs, the copy at /opt/backups/current/bash is root-owned SUID
-- Execute: /opt/backups/current/bash -p
```
Confidence: 99%
Finding: chmod 4777

YARA rule 'exploit_framework': Exploit framework components and payloads [hacktools]

Severity: High
Category: YARA Match
Content:
## Server Communication

```python
from pwn import *
context.log_level = 'error'

def test_with_delay(cmd, delay=5):
```
Confidence: 90%
Finding: from pwn import

VirusTotal

63/63 vendors flagged this skill as clean.
