malware-analysis-dragonflyTomb-avast
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational Go code snippets demonstrating how malware loaders function for identification purposes. These are explicitly labeled as warnings and examples.
- [SAFE]: Includes a forensic scanning tool implemented in Go that performs static analysis (string matching and SHA256 hashing) on local files to detect suspicious indicators.
- [SAFE]: Implements a malware reporting function using the VirusTotal API, which is a well-known security service. It follows best practices by retrieving the API key from environment variables.
- [SAFE]: References the official GitHub client library from Google (github.com/google/go-github/v50/github) for monitoring suspicious repository metadata.
- [SAFE]: Recommends security best practices, such as using isolated Docker containers with networking disabled (--network none) for examining untrusted code.
Audit Metadata