ofbiz-exploit
Audited by Socket on Apr 22, 2026
3 alerts found:
Security / Malware (x2) / SUSPICIOUS. This skill is not a disguised stealer, but it explicitly provides AI agents with unauthorized vulnerability exploitation, remote command execution and reverse shell capabilities, making it a high-risk offensive security skill. The external dependency ysoserial has a degree of publicly verifiable provenance, which lowers the certainty of a malicious supply chain, but does not change the skill's overall high-risk security nature.
The provided code fragment is not a benign library component; it is exploit/detection tooling for Apache OFBiz vulnerabilities. It probes for an authentication bypass and then generates ysoserial-based serialized gadget payloads locally (via shell command execution), embeds them into an XML-RPC request, and delivers the payload over HTTP to the target with bypass parameters. Overall, the behavior is highly aligned with malicious exploitation activity (remote code execution attempts), with additional high-risk implementation patterns (shell=True and disabled TLS verification).
The provided file is highly malicious exploitation tooling. It crafts and delivers Unicode-escaped Groovy payloads that invoke ProcessBuilder(sh -c <command>) to trigger remote OS command execution on Apache OFBiz webtools endpoints, extracts command output from exception pages, and optionally delivers a reverse shell back to an attacker-controlled host. If encountered in a supply-chain context, it should be treated as a critical compromise indicator and not executed or distributed.