alibabacloud-ecs-sec-kernel

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Nearly all links are proof‑of‑concept exploit sources (Google Security Research, SecWiki, bcoles, Rapid7, Exploit‑DB, various personal GitHub repos and some third‑party pages) which, while legitimate security research, are high‑risk download sources because they provide code that can be compiled or executed to crash systems or perform local privilege escalation; the presence of personal hosting and an internal IP (http://172.23.0.1:1337) further increases the risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The repository is high-risk: it packages a large, runnable collection of real kernel local‑privilege‑escalation PoCs (many with working exploit payloads, KASLR/SMEP/SMAP bypasses, modprobe_path/SUID/write-to-/etc techniques), an automated compile-and-execute pipeline that by default runs enabled PoCs as root, and several obfuscation/packaging touches — all of which enable deliberate abuse and distribution of functional exploit binaries.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). 该技能明确要求以 sudo/root 运行,载入内核模块、创建/修改 root 拥有的目标文件、编译并执行本地 PoC(用于验证本地提权),会主动修改内核与系统状态并可能触发崩溃,因此会改变并可能危及运行机器的状态。

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 07:06 AM
Issues
3
Security Audit — snyk — alibabacloud-ecs-sec-kernel