Payloads

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-testing payload collection with no hidden execution, persistence, or data access behavior.

Install only if you need payload samples for authorized security testing. Expect antivirus tools to flag or quarantine the EICAR file, and be careful with filenames containing shell metacharacters or PHP snippets; do not use these materials against systems without permission.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This README documents an attack-use SWF payload for XSS and references proof-of-concept abuse without any handling warning, containment guidance, or statement that the material is for controlled security testing only. In a repository of payloads, such documentation materially lowers the barrier to misuse and increases the chance that dangerous files are handled unsafely or deployed against real targets.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This section explicitly lists archive contents designed to bypass upload blacklists and reach phpinfo execution, which is directly actionable offensive tradecraft rather than neutral documentation. Publishing filename tricks and polyglot/web-shell-adjacent naming patterns without strong warnings or restrictions can facilitate file upload bypass attempts and subsequent code execution or sensitive environment disclosure on vulnerable systems.

VirusTotal

49/61 vendors flagged this skill as malicious, and 12/61 flagged it as clean.

View on VirusTotal