spray-dir-brute

This artifact is a dual-use instruction/configuration bundle that generates command-line workflows for active web reconnaissance: directory brute forcing for PHP/JSP resources, backup/sensitive-file discovery, and endpoint fingerprinting using previously discovered live URLs. It does not itself demonstrate covert malware behaviors (no obfuscation, payloads, persistence, or exfiltration), but it directly enables aggressive network probing against internal targets when used by a downstream executor. Treat as high operational risk content in a supply-chain review, requiring strict access controls, provenance checks, and authorization boundaries.

该技能不是明显恶意或窃密型内容，但它明确为 AI 代理提供进攻性 Web 枚举与扫描能力，风险与用途高度相关。目的与能力一致、安装来源未见异常、也未见把数据路由到可疑第三方；不过批量扫描、敏感路径探测、携带 Cookie 和代理支持使其在未严格授权场景下具有高安全风险，应归类为高风险可疑技能而非恶意软件。