ot-ics-attack
Audited by Socket on Apr 22, 2026
3 alerts found:
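Security, Malware x2
The skill's capabilities are superficially consistent with its stated purpose of "ICS attack methodology", but in essence it provides AI agents with an attack handbook and executable operation templates targeting ICS/SCADA/PLC, covering critical infrastructure and the physical control layer. No obvious credential theft or covert exfiltration was observed, but as an AI Agent Skill its offensive capability and real-world harm are both significantly elevated, and it should be classified as a high-risk suspicious/dangerous skill rather than an ordinary development-assistance skill.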
This fragment is strongly indicative of malicious/offensive capability for ICS compromise: it connects to PLCs over common industrial protocols, performs reconnaissance and sensitive data extraction (including exporting program/DB blocks to local files), includes credential-testing logic, and provides (even if commented) the primitives needed for stop/start and program download/DB write operations. The overall workflow aligns with sabotage kill-chain stages (discover → enumerate → extract → modify/redeploy) and includes firmware analysis steps that can retrieve secrets/keys from device images. Use in production environments should be considered unsafe; treat as an attack playbook rather than benign software.
This fragment contains clearly offensive, operationally actionable ICS attack instructions and example code that performs reconnaissance and—critically—state-changing write/control actions (Modbus FC15/FC16/FC23, OPC UA node writing, FINS memory writes, plus described DNP3 unsolicited/relay control and PLC stop/mode switching via raw commands/frameworks). There is strong evidence of malicious intent aligned with physical process sabotage. Recommend treating the associated package/content as high risk and not using it in any production or connected environment.