evasion-research
Audited by Socket on Apr 22, 2026
2 alerts found:
Security / Malware / SUSPICIOUS: the skill is internally consistent, but its purpose is to equip an AI agent to research and operationalize detection-evasion and loader/C2 techniques. There is no strong evidence of credential theft or malicious exfiltration, yet the offensive-security focus plus ingestion of untrusted GitHub content makes it a high-risk skill.
This fragment is not malware code by itself, but it is a high-risk “evasion research” instruction/config that explicitly directs GitHub searching and the curation/storage (“入库”) of Windows malware-evasion techniques (shellcode loaders, direct syscalls like NtCreateThreadEx, and AMSI bypass including AmsiScanBuffer patching and AES-encrypted bypass). If used in a supply-chain or automation pipeline, it materially increases the likelihood of acquiring and operationalizing offensive tradecraft.