alibabacloud-ecs-sec-kernel

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill compiles and executes C source code for a library of 88 Linux kernel vulnerabilities. It uses gcc -static and make to generate exploit binaries and requires sudo to perform environment setup, such as loading kernel modules (e.g., modprobe algif_aead, modprobe esp4).
  • [COMMAND_EXECUTION]: The build process in poc-src/Makefile and poc-src/build.sh includes an obfuscation step that replaces the standard ELF magic bytes (\x7fELF) with a custom header (CVE\x00). This technique is a common evasion tactic used to hide executable content from file type detectors and security software.
  • [DATA_EXFILTRATION]: Multiple PoC modules access sensitive system files to verify exploit success. For example, poc-src/cve_2016_5195/poc.c and others attempt to read /etc/shadow and /proc/kallsyms to confirm that root privileges have been acquired or kernel addresses have been leaked.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and README files reference numerous external URLs for original exploit source code, including repositories from Google Security Research, Metasploit, and various public security researchers. While these are established entities, the skill is designed to fetch and execute their code locally.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 07:07 AM
Security Audit — agent-trust-hub — alibabacloud-ecs-sec-kernel