nacos-exploit
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's description contains a directive that the agent must always use this skill ('必须使用此技能', i.e. "this skill must be used") whenever Nacos vulnerabilities are mentioned, which overrides the agent's own skill-selection logic.
- [COMMAND_EXECUTION]: Provides multiple Python scripts and HTTP request templates that allow an agent to execute arbitrary system commands on target Nacos servers by exploiting Derby SQL injection and JRaft Hessian deserialization vulnerabilities.
- [REMOTE_CODE_EXECUTION]: Includes instructions for achieving code execution by having the target server download and load malicious JAR files either from user-controlled infrastructure (a VPS) or from unverified third-party repositories hosted on GitHub.
- [DATA_EXFILTRATION]: Contains targeted requests and scripts designed to bypass authentication and extract sensitive internal data, such as system configuration files and user password hashes from the Nacos database.
- [CREDENTIALS_UNSAFE]: The skill documentation includes hardcoded exploitation credentials, specifically a long-lived JWT token used to bypass authentication in Nacos versions below 2.2.0.
- [EXTERNAL_DOWNLOADS]: Encourages the download and execution of external security tools from unverified third-party sources (e.g., github.com/c0olw/NacosRce), posing a supply chain risk if the external content is compromised.
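The CREDENTIALS_UNSAFE finding above can be checked locally. The following is an added example, not code from this audit or from the audited skill: it mints and verifies HS256 tokens the way a shared-secret JWT scheme does, then reports whether a captured token validates under a candidate signing key and how far in the future it expires. The placeholder key, the reference time and the sample tokens are constructed assumptions; the property names nacos.core.auth.default.token.secret.key and nacos.core.auth.default.token.expire.seconds are Nacos's real settings but are not taken from this page, so substitute the values from the deployment being checked.

```python
# Added example (not code from the audit or the audited skill): check whether a
# Nacos-style HS256 JWT validates under a candidate signing key and how long it lives.
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional

# ASSUMPTION: placeholder key. Replace with the value of
# nacos.core.auth.default.token.secret.key from the deployment being checked
# (Nacos 2.x reads that property as base64; decode it before use).
SAMPLE_DEFAULT_SECRET = b"placeholder-default-secret-replace-with-your-deployment-key"

# Constructed reference time so the results are deterministic (2023-11-14T22:13:20Z).
NOW = 1_700_000_000
# Nacos's stock nacos.core.auth.default.token.expire.seconds is 18000 (5 hours).
DEFAULT_EXPIRE_SECONDS = 18000


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_hs256(claims: dict, secret: bytes) -> str:
    """Sign claims as an HS256 JWT. Anyone holding `secret` can mint tokens the
    server accepts, which is why a shared default key amounts to an auth bypass."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if `token` is HS256-signed with `secret`, else None.
    Only HS256 is accepted, so alg=none or algorithm-confusion headers are rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None


def assess_token(token: str, candidate_secrets: Dict[str, bytes], now: int,
                 max_lifetime: int = DEFAULT_EXPIRE_SECONDS) -> dict:
    """Report which candidate key (if any) validates `token` and whether its
    remaining lifetime exceeds `max_lifetime`, i.e. whether it is long-lived."""
    for name, secret in candidate_secrets.items():
        claims = verify_hs256(token, secret)
        if claims is None:
            continue
        exp = claims.get("exp")
        remaining = None if exp is None else int(exp) - now
        return {
            "signed_with": name,
            "sub": claims.get("sub"),
            "remaining_seconds": remaining,
            # No exp at all is treated as long-lived: the token never expires.
            "long_lived": remaining is None or remaining > max_lifetime,
        }
    return {"signed_with": None, "sub": None, "remaining_seconds": None, "long_lived": False}


# Constructed sample tokens: one minted under the placeholder key with a ten-year
# expiry (the kind of token the audit calls long-lived), one with a one-hour expiry.
LONG_LIVED_TOKEN = mint_hs256({"sub": "nacos", "exp": NOW + 10 * 365 * 86400}, SAMPLE_DEFAULT_SECRET)
SHORT_LIVED_TOKEN = mint_hs256({"sub": "nacos", "exp": NOW + 3600}, SAMPLE_DEFAULT_SECRET)

if __name__ == "__main__":
    keys = {"placeholder-default": SAMPLE_DEFAULT_SECRET}
    print(assess_token(LONG_LIVED_TOKEN, keys, NOW))
    print(assess_token(SHORT_LIVED_TOKEN, keys, NOW))
    # A token minted under the old key no longer validates once the key is rotated.
    print(assess_token(LONG_LIVED_TOKEN, {"rotated": b"some-other-key"}, NOW))
```

Run it against a token captured from the skill's request templates or from your own Nacos logs: a result whose signed_with names the deployment's default key means any client holding that key can mint equally valid tokens, and rotating nacos.core.auth.default.token.secret.key is the fix regardless of the token's expiry.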
Recommendations
- The automated audit detected serious security threats in this skill.
Audit Metadata