abusing-dpapi-for-credential-access
Audited by Snyk on Jun 22, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and instructs embedding plaintext secrets (passwords, NTLM hashes, and passphrases) into command-line invocations (e.g., /password:CorrectHorseBatteryStaple, /ntlm:..., -p 'Password123!'), so an LLM following it would need to handle and output secret values verbatim.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These links point to well-known offensive/credential-dumping tools and documentation (Mimikatz, GhostPack/SharpDPAPI, Impacket, DonPAPI, etc.) and their GitHub release pages — legitimate for red-team use but commonly used to distribute binaries and perform credential theft, so they represent a high-risk download/source set.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content explicitly documents and automates DPAPI abuse—including harvesting master keys, decrypting Credential Manager/browser secrets, retrieving domain DPAPI backup keys, and mass remote looting—i.e., intentional credential theft and domain-wide exfiltration techniques that enable unauthorized access if used outside an authorized engagement.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the full skill content for literal credentials. Most exposed values are clearly example/placeholders or low-entropy example passwords and are ignored per the rules:
- "CorrectHorseBatteryStaple" — example passphrase (low/recognizable entropy) — ignored.
- 'Password123!' in the donpapi example — obvious sample — ignored.
- 0x<decrypted_masterkey>, backupkey.pvk, file names, and environment/flag names are placeholders or filenames — ignored.
- No PEM/RSA private-key blocks or API keys (sk-... etc.) present.
However, the documentation contains an NTLM hash literal in an example:
- cc36cf7a8514893efccd332446158b1a
This is a 32-character hex string matching the form of an NTLM hash. Such a hash is high-entropy and would be directly usable to decrypt DPAPI master keys offline, so it qualifies as a secret under the provided definition.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly directs privileged, state-changing actions—running DPAPI extraction tools as the target user or SYSTEM, reading/writing protected system folders, retrieving a domain DPAPI backup key (Domain Admin), and using Mimikatz/SharpDPAPI/Impacket to decrypt credentials—which directly compromises the host and requires or abuses elevated privileges.
Issues (5)
Insecure credential handling detected in skill instructions.
Suspicious download URL detected in skill instructions.
Malicious code pattern detected in skill scripts.
Secret detected in skill content (API keys, tokens, passwords).
Attempt to modify system services in skill instructions.