building-c2-infrastructure-with-sliver-framework

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). Both URLs are distribution/command-and-control endpoints: sliver.sh/install serves an install script for the Sliver C2 framework (a powerful offensive tool whose installer is effectively malware if run outside an authorized test environment) and c2.example.com is used as a C2/redirector domain — together they represent high-risk sources for delivering implants and should only be accessed in authorized lab/red-team contexts.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Comprehensive, actionable C2 build and implant-generation guide that directly instructs how to deploy command‑and‑control servers, generate beacons/shellcode, set up redirectors/domain‑fronting, and run post‑exploitation tooling (e.g., mimikatz, in‑memory execution, pivots), enabling backdoors, remote code execution, credential theft and data exfiltration—highly dangerous dual‑use content readily abusable for malicious operations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running a remote install script that is fetched and executed at setup time—curl https://sliver.sh/install | sudo bash—which downloads and runs remote code and the provided scripts depend on Sliver being installed, so this is a runtime-executed external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs using sudo to install software, starting system services, editing system configs (NGINX, certs), altering firewall/iptables rules, and generating C2 implants—actions that require elevated privileges and modify the machine state, so it must be flagged.