ClawHub

Ctf Reverse

Security checks across malware telemetry and agentic risk

Overview

This is a CTF reverse-engineering reference, but it includes under-scoped operational instructions for impersonation, bypasses, data retrieval, and cyber-physical actions that users should review carefully before installing.

Install only if you intend to use it for authorized CTFs or controlled lab reverse engineering. Use an isolated VM/container, avoid uploading private binaries to third-party services, do not run the vehicle/CAN, anti-cheat, iOS, Firebase, or C2 examples against real systems without explicit authorization, and treat the unpinned tool installs as a supply-chain risk to manage separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This section provides actionable instructions to modify a Go C2 client identity, register it against a server, enumerate other clients, and download their files. That is not merely defensive reverse-engineering guidance for a CTF binary; it directly enables unauthorized access and post-compromise data collection techniques applicable to real systems.

Missing User Warnings

High
Confidence
96% confidence
Finding
The content normalizes unauthorized client impersonation and retrieval of other clients' files without any safety boundaries, authorization requirements, or legal/ethical warnings. In a reverse-engineering skill, this materially increases misuse risk because it turns analysis guidance into an operational intrusion workflow.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This section explicitly demonstrates using Frida to obtain an authenticated Firebase UID and invoke a Cloud Function directly with arbitrary payload data, which is effectively a client-side validation bypass technique. In a CTF context this may be instructional, but the same technique readily transfers to real mobile apps and can enable unauthorized actions, abuse of backend functions, or replay/manipulation of authenticated requests.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guidance instructs readers to collect cryptographic material from Android logs and use it to reconstruct message decryption parameters. Even though framed as a CTF technique, it describes extraction and use of highly sensitive secrets from logs, a pattern directly applicable to real apps and user communications if reproduced outside a controlled challenge.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This section gives concrete binary-patching steps that modify executables in place and does not warn the user to work on copies, in an isolated environment, or with authorization. In a reverse-engineering/CTF context this is often legitimate, but the omission can still cause unsafe host changes or accidental corruption of files outside a sandbox.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guidance includes changing the host system clock with sudo and only secondarily mentions faketime. Altering the real system date can disrupt TLS validation, logs, scheduled jobs, build systems, and other time-sensitive services, so presenting it without a strong warning is unsafe operational guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section gives operational guidance for executing suspected ransomware with LD_PRELOAD hooks and recovering AES material, but its safety note is incomplete because it does not address secure handling of captured keys, IVs, decrypted files, or other sensitive artifacts. In a reverse-engineering skill, that omission can lead users to exfiltrate or mishandle live cryptographic material from real malware samples or victim data, creating avoidable security and privacy risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The content gives explicit instructions to remove and re-apply code signatures, which facilitates tampering with binaries and undermines platform trust guarantees. In a reverse-engineering skill this may be relevant for CTFs, but without guardrails or warnings it normalizes integrity-bypassing steps that can be repurposed against real software.

Missing User Warnings

High
Confidence
97% confidence
Finding
This section provides actionable steps for decrypting protected iOS apps and bypassing jailbreak detection, including Frida hook code that can be used directly. Even in a CTF/reversing context, these are dual-use techniques strongly associated with defeating app protections on real targets, and the lack of authorization/legal warnings materially increases misuse risk.

Missing User Warnings

High
Confidence
95% confidence
Finding
The anti-cheat section explicitly discusses bypass techniques and memory patching, which can enable cheating, integrity violations, and evasion of game security controls. Because the skill is framed as reverse-engineering guidance, this context makes the material plausible, but not safer; the advice is still readily transferable to non-CTF environments and lacks user-risk or authorization boundaries.

Missing User Warnings

High
Confidence
98% confidence
Finding
The automotive section includes live CAN setup, replay, and write-capable diagnostic commands that could affect physical systems if used on real vehicles. In contrast to purely software CTF material, these instructions cross into cyber-physical impact, where unsafe or unauthorized use could disrupt safety-relevant functions or damage equipment.

Missing User Warnings

High
Confidence
85% confidence
Finding
The LD_PRELOAD example provides concrete instructions and code to dump a process's mapped memory to disk via /proc/self/mem. Even in a CTF context, this is a real memory-exfiltration technique that can be repurposed against non-CTF binaries to bypass execute-only protections and recover protected code or sensitive in-memory material.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example explicitly instructs users to upload a binary via web/API to dogbolt.org without clearly warning that the file leaves the local environment and is sent to a third-party service. In a security/reverse-engineering context, users may be handling proprietary samples, customer artifacts, malware, or challenge binaries with embedded secrets, so omission of a data-transfer warning can lead to unintended disclosure.

Ssd 3

High
Confidence
98% confidence
Finding
The instructions explicitly describe enumerating clients on a C2 system and downloading their collected files, which facilitates unauthorized access to sensitive data. This crosses from benign analysis into concrete abuse of attacker infrastructure or victim-associated data stores, creating clear dual-use harm with immediate offensive applicability.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal