harbor-exploit

该技能是面向AI代理的Harbor攻击与利用手册，核心能力是入侵、提权、数据泄露和镜像篡改，且包含管理员后供应链攻击路径。虽未见可疑安装器或第三方凭据中转，但其实际用途与影响属于高风险 offensive exploit skill，应判定为SUSPICIOUS而非BENIGN。

该代码与配套利用步骤高度指向恶意/攻击用途：包含硬编码默认凭据探测（认证绕过验证）、未授权接口探测信息枚举、以及在获得权限后创建持久化 Robot 账号并通过 docker push 覆盖镜像 tag 实施供应链投毒。总体上不符合安全审计/防护库的正常用途，风险很高，应避免在任何生产/不受控环境中使用，并对目标系统与镜像仓库的历史发布与凭据/机器人账号进行紧急排查。

This file is highly indicative of malicious/offensive use: it contains PoC/exploitation tooling for Harbor that hardcodes default admin credentials, performs unauthenticated repository/artifact/digest enumeration to produce actionable docker pull instructions, and attempts privilege escalation by submitting an admin-role creation payload to /api/users. TLS verification is intentionally disabled to improve probing robustness/stealth. Treat as a high-risk artifact for supply-chain and operational misuse.