iox-proxy

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). The URL points to a GitHub repository (EddieIvan01/iox) from an unestablished user that distributes a single-binary tunneling/proxy tool used for port‑forwarding and internal network pivoting—typical of tools that can be abused for malicious lateral movement and may contain backdoors, and small/unknown GitHub repos publishing executables are a high‑risk source.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly instructs how to set up reverse port forwards, SOCKS5 proxies, and encrypted tunnels to bypass firewalls, pivot into internal networks, and enable covert remote access and data exfiltration, clearly facilitating backdoor-style access and malicious lateral movement.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt gives explicit commands to run networking binaries, set up reverse tunnels and proxies, and even modifies a system file (/etc/proxychains.conf), all of which change system state and facilitate compromising machines/networks.