inetutils-telnetd-exploit
Audited by Socket on Apr 22, 2026
3 alerts found:
Anomaly / Security / Malware
This module is a targeted Telnet vulnerability probing/exploitation-style harness: it intentionally sends oversized LINEMODE SLC subnegotiation data to trigger CVE-2026-32746 on vulnerable telnetd servers and then infers vulnerability by comparing echoed SLC bytes. It does not show typical supply-chain malware behaviors (no theft, persistence, exfiltration, or stealth), but it is security-sensitive because it can actively exploit/possibly crash vulnerable targets when executed, making inclusion/execution in an automated pipeline high risk.
SUSPICIOUS. The skill is internally consistent with its stated purpose, but that purpose is offensive exploitation: it gives an AI agent actionable instructions to find vulnerable telnetd servers, attempt auth bypass, and potentially obtain a root shell. There is little supply-chain evidence of malware, but the operational security risk is high because it equips the agent for remote attacks against real systems.
The provided fragment is clearly offensive exploit material that enables remote authentication bypass and root-level command execution against a specific telnetd implementation by abusing the USER environment variable (USER="-f root") and telnet auto-login. It includes explicit sensitive-file reading and reverse-shell payload examples, and it uses local shell execution (subprocess with shell=True) to drive the attack and verify success. Treat as highly malicious; not safe to include as part of any supply chain dependency.