sqlmap-advanced
Audited by Socket on Apr 22, 2026
3 alerts found:
Security x2, Malware
This is not supply-chain malware code; it is offensive-security operational guidance for running sqlmap with WAF-evasion tamper settings. It meaningfully enables SQL injection probing/evasion and logs results locally, so in a distribution/supply-chain context it represents a high misuse risk and should be treated as potentially dangerous content, even though the likelihood of covert malware embedded in this snippet is low.
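The skill is consistent with its stated purpose, but that purpose itself is to provide an AI agent with a complete guide to SQL injection exploitation and post-exploitation operations. No obvious signs of malicious supply-chain behavior or credential theft were found, but it gives the agent high-risk offensive security capabilities and autonomous execution paths, and should be judged high risk rather than a benign general-purpose skill.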
This fragment is an offensive exploitation command playbook for sqlmap. It explicitly enables remote OS command execution, sensitive file exfiltration, and persistent webshell deployment (backdoor) using a PHP system($_GET['cmd']) payload, plus advanced second-order injection and tuning/stealth options. If included in a distributed package/dependency, it would be a serious security red flag and likely facilitate intrusion rather than provide protective functionality.