exploit-file-download

This fragment is an attacker-oriented, highly actionable exploitation guide for path traversal/file-read abuse and WAF bypass. It does not contain executable runtime malware in this file, but it meaningfully increases attacker capability by describing concrete untrusted-input-to-file-read flows, including wrapper/URI-based bypass vectors. If present in a software supply chain, it is suspicious as a harmful/abusive artifact rather than legitimate functionality.

This code fragment is best characterized as offensive vulnerability/probing software: it injects a user-supplied payload into URL query parameters and heuristically analyzes the target’s HTTP response for file disclosure/traversal-style indicators (Linux/Windows markers). There are no strong indicators of classic malware (no persistence, credential theft, or third-party exfiltration) in the shown fragment, but it can be used for unauthorized scanning/exploitation. The snippet also appears incomplete/buggy (undefined imports/variables and scope inconsistencies), reducing confidence that it is production-ready as provided.

该技能不是普通开发/运维辅助，而是面向 AI 代理的 LFI/文件读取/RCE 利用指南。其能力范围与“漏洞检测和利用”描述一致，但本身属于高风险进攻性安全工具；再叠加远程安装脚本和敏感数据落库，整体应判定为高风险、可疑而非确认恶意。

SUSPICIOUS: the skill is internally consistent as an offensive path traversal exploitation tool, but that purpose itself is high risk for an AI agent. Install sources are mostly normal, yet the skill enables automated exploitation and extraction of highly sensitive remote files, and the referenced local scripts are not available for verification.

This fragment is an attack-oriented testing/exploitation document (not malware code) that enumerates highly sensitive target files and provides ready-to-use path traversal payloads against a file-download endpoint. While it lacks executable behavior, its inclusion in an open-source/supply-chain artifact meaningfully increases attacker capability for credential/secret theft via server-side file disclosure. Recommend treat as high supply-chain security risk from a misuse perspective and avoid bundling such guidance into production-facing artifacts without a strong, legitimate security-testing context.