php-bypass
Audited by Socket on Apr 22, 2026
3 alerts found:
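Security, Malware x2
This skill is consistent with its declared purpose, but that purpose itself is to provide AI agents with PHP security-feature bypass and RCE capabilities, which makes it a high-risk offensive skill. No explicit remote installer, credential forwarding, or exfiltration endpoint was observed, so it is better classified as high-risk/abusable rather than as confirmed malware.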
The provided code is explicit malicious exploit logic: it attempts to bypass PHP open_basedir protections (via glob:// enumeration, runtime open_basedir manipulation with ini_set + traversal, and symlink/path-traversal escape) and then reads and outputs sensitive files such as /etc/passwd and a flag-like target. This is high-risk and should not be included or executed in any production or untrusted environment.
This fragment is an explicit malicious exploitation toolkit that demonstrates multiple ways to bypass PHP hardening and achieve OS command execution (LD_PRELOAD/gconv module injection, ImageMagick delegate injection, PHP FFI→libc system/popen, pcntl_exec, and environment-based Shellshock-style execution). It also includes a clear exfiltration workflow by reading sensitive data (e.g., /flag.txt) and capturing output to /tmp/output.txt for retrieval. If present in a dependency, it represents an extremely high security risk and overwhelming likelihood of harmful intent.