portainer-exploit

This fragment is explicitly intrusion-enabling offensive tooling. It performs timing-based valid-user enumeration against Portainer’s authentication endpoint and includes probing for websocket components associated with a known SSRF→request-splitting→RCE attack path. While it does not execute RCE payloads in the shown code, its reconnaissance capability and direct focus on vulnerable surfaces make it high-risk from a supply-chain perspective if distributed as a dependency.

This code fragment is explicitly malicious/weaponized: it performs default password attempts against Portainer, optionally timing-based user enumeration, and—after obtaining a JWT—creates a privileged Docker container with the host filesystem bind-mounted and uses `chroot` to execute attacker-supplied commands on the host. It also includes actions to steal host credentials (`/etc/shadow` example) and to establish persistent root access via SSH key injection. High probability of malicious intent; it is not suitable as a general-purpose dependency.

该技能并非普通管理或检测助手，而是面向AI代理的Portainer利用手册，系统性覆盖口令攻击、用户枚举、SSRF→RCE和认证后宿主机逃逸。未见明显第三方安装或凭据转发到外部中间站，但其核心能力就是指导对真实系统实施入侵与RCE，因此应判定为高风险、可疑且不适合作为通用技能启用。