hunt-grpc

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill is an offensive gRPC exploitation playbook: it contains step-by-step, actionable commands to enumerate services, bypass authentication (including forged JWTs and header spoofing), exfiltrate sensitive data (List/GetSecrets/GetUser, proto reconstruction), capture credentials via plaintext h2c, and perform an HTTP/2 rapid-reset DoS — all patterns that enable deliberate unauthorized access and abuse.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs cloning and running a remote PoC that fetches and executes code at runtime (git clone https://github.com/secengjeff/rapidresetclient … && ./rapidreset), which is a runtime external dependency that executes remote code.