persist-maintain
Audited by Socket on Apr 22, 2026
4 alerts found (Anomaly x1, Malware x3):

No direct malware execution exists in this snippet; it is configuration-only. However, it explicitly steers retrieval toward persistence/backdoor maintenance concepts (including cron/scheduled-task and webshell-related keywords) and instructs an agent/test harness to fetch the corresponding skill content. In a supply-chain context, this is a concerning malicious-intent artifact that could enable harmful instruction generation when used by an automated agent or evaluation framework.
This code is a clear malicious playbook for establishing persistent remote backdoors and privilege escalation on Linux and Windows systems. It contains multiple high-risk persistence and evasion techniques (reverse shells, execution-policy bypass, SUID backdoor, replacing sethc.exe, WMI event subscriptions, persistent systemd/cron/tasks/registry entries). Do not run any of these commands in a production or sensitive environment. Remediation: treat systems where these commands were run as compromised, disconnect from network, perform full incident response (forensic image, credential rotation, rebuild from known-good media), and review logs for related network activity.
This artifact is a high-risk malicious instruction set rather than benign dependency code. It explicitly guides webshell deployment with evasion of defensive scanning and describes Windows WMI persistence for long-term, triggered execution. If present in a package/workflow, it should be treated as malicious content and blocked/quarantined pending thorough provenance review.
The skill's stated purpose is itself post-exploitation persistence: deploying webshells, creating system backdoors, hiding traces, and maintaining long-term access. Although its capabilities match that purpose, the purpose is explicit attack/persistence behaviour rather than a normal development or operations scenario. No external installer or third-party credential forwarding was observed, but the skill content itself is a high-risk offensive security guide and should be judged high risk with clearly malicious intended use.