exploiting-active-directory-with-bloodhound
Audited by Socket on Apr 6, 2026
2 alerts found:
Anomaly (Security): No clear evidence of stealthy malware in the provided module. The code primarily enables dual-use Active Directory recon/attack-path analysis by executing SharpHound/bloodhound-python, parsing exported JSON, and optionally executing arbitrary Cypher against Neo4j. The main security concerns are misuse potential and operational risks: passing plaintext passwords as CLI arguments to subprocesses, PATH-dependent external binary execution, hardcoded default Neo4j credentials, unrestricted user-controlled Cypher execution (data/DoS risk), and writing reports to an arbitrary output path. This dependency should be used only in tightly controlled, authorized environments with appropriate access controls and hardening (pin executable paths, restrict who can set --cypher-query/--output, and avoid default credentials/CLI password exposure).
High-risk offensive security skill. Its capabilities are internally consistent with a red-team BloodHound guide, but it equips an AI agent to perform AD reconnaissance, data exfiltration, and exploitation planning against real environments. No clear credential-harvesting or deceptive exfiltration endpoint is present, so this is better classified as a dangerous offensive skill rather than malware.