1panel-exploit

No actual software supply-chain code is provided—this is an exploit/detection write-up. Nevertheless, it contains highly operational instructions and concrete payloads enabling authenticated arbitrary file read (secret/system exfiltration) via path traversal. Treat the artifact as high-risk instructional material rather than benign documentation; focus on remediation of the underlying endpoint and verify deployed versions/configuration and access controls.

该技能不是普通管理或检测工具，而是面向AI代理的1Panel漏洞利用包，覆盖未授权RCE、SQL注入写文件/写Webshell及任意文件读取。其能力与声明一致，但用途本质上是攻击真实系统，属于高风险 offensive-security 技能；未见明确外部安装链或第三方凭据转发证据，因此更适合判定为高风险可滥用而非确认恶意软件。