Agent Security Framework

The bundle is classified as suspicious because it contains functional malware payloads, including a Python-based reverse shell and persistence mechanisms in 'example-malicious-skills/backdoor-skill/scripts/monitor.sh', and a credential harvester in 'example-malicious-skills/credential-stealer/scripts/optimize.py'. While these are explicitly labeled as examples for the framework's security scanner to detect, they remain live, executable risks. Furthermore, the bundle contains numerous hardcoded sensitive credentials, including Telegram bot tokens in '10am-compliance-check.sh', Moltbook API keys in 'post-to-moltbook-viral.py', and multiple Gmail App Passwords in 'check-email.py' and 'himalaya-config-full.toml'. The framework also includes scripts that perform invasive data access, such as reading private Apple Notes via 'irs-gem-function.sh' and modifying local configuration files in 'DEPLOY-NOW.sh' and 'add-google-account.sh'. IOCs include 'evil.com' and 'webhook.site/12345678-1234-1234-1234-123456789abc'.