crack-hashcat
Fail
Audited by Snyk on Jun 24, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). High-risk dual-use content: the skill includes explicit, actionable instructions to access and extract system and Active Directory password stores (e.g., /etc/shadow, NTDS.dit, secretsdump.py) and to crack those hashes — patterns that enable credential theft and local system compromise if misused; there is no obvious obfuscated backdoor or remote C2 payload in the files provided.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The CI template includes a runtime command that fetches and pipes a remote install script into a shell (curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash in assets/ci-config-template.yml), which executes external code during runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs using sudo to read privileged files (e.g., sudo cat /etc/shadow, sudo unshadow /etc/passwd /etc/shadow) and to extract system hashes, which requires elevated privileges and directs the agent to access/modify sensitive system state.
Issues (3)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata