post-exploit-linux
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user/agent to download the LinPEAS script from an external, untrusted GitHub repository and pipe it directly into a shell for execution (curl | sh). This pattern allows for the execution of arbitrary remote code without prior review.
- [EXTERNAL_DOWNLOADS]: The skill downloads an external exploit binary (PwnKit) from a non-vendor GitHub repository. This specific binary was flagged by automated security scanners as potentially malicious content associated with botnets.
- [COMMAND_EXECUTION]: The skill provides numerous commands for acquiring root-level privileges through the exploitation of SUID binaries, sudo misconfigurations, and kernel vulnerabilities. These commands are intended to bypass system security controls.
- [DATA_EXFILTRATION]: The skill contains comprehensive instructions for harvesting sensitive data, including reading /etc/shadow, private SSH keys (id_rsa), and database configuration files containing plain-text credentials.
- [COMMAND_EXECUTION]: The documentation includes techniques for establishing persistence on a target system, such as injecting unauthorized SSH keys into the root user's authorized_keys file via Docker container mounts.
Recommendations
- HIGH: Downloads and executes remote code from: https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh - DO NOT USE without thorough review
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata