picocom
Fail
Audited by Snyk on Jun 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Most links are to legitimate documentation and trusted project hosts (U-Boot, BusyBox, picocom on GitHub, BusyBox git), but a direct link to a .sh script on an untrusted domain (http://attacker.com/shell.sh), together with local API endpoints that could be abused to trigger reboots/updates, are high‑risk indicators that make this set suspicious overall.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The package and docs contain explicit, intentional instructions and code paths for credential theft, data exfiltration, persistence/backdoors (adding root user, installing SSH keys, writing startup reverse shells), and remote command execution (subprocess shell=True trigger and examples using netcat/curl), indicating deliberate malicious/abusive capabilities.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit instructions to modify system state (install packages with sudo, add users/backdoors, write to /etc/passwd, add SSH keys, start services and modify bootloader env), which directly push the agent to create persistent, privileged changes on the machine/device.
Issues (3)
E005
CRITICAL: Suspicious download URL detected in skill instructions.
E006
CRITICAL: Malicious code pattern detected in skill scripts.
W013
MEDIUM: Attempt to modify system services in skill instructions.