webshell-deploy

Fail

Audited by Socket on Apr 22, 2026

3 alerts found:

Malware x3

Malware (severity HIGH): references/webshell-payloads.md

This fragment is unequivocally webshell/backdoor material. It enables arbitrary remote command execution from unauthenticated HTTP parameters (JSP Runtime.exec and PHP system/eval/dynamic execution variants), supports persistence via attacker-uploaded server files, and includes Tomcat PUT upload bypass and operational steps for deployment, verification, use, and cleanup. If present in a software supply-chain artifact/dependency, it represents an extreme compromise risk and should be treated as malicious.

Confidence: 96%
Severity: 100%

Malware (severity HIGH): references/memory-webshell.md

This fragment is a highly malicious JVM in-memory webshell/backdoor design. It enables remote OS command execution using an attacker-controlled HTTP parameter (cmd) and exfiltrates command output via HTTP (directly or via request attributes). It further installs the backdoor into the running servlet container in-memory by dynamically registering Filter/Servlet/Listener components (and mentions optional Spring mapping/Java Agent instrumentation), implying stealthy persistence for the duration of the process. If encountered in a supply chain context, it should be treated as malware payload rather than legitimate code.

Confidence: 90%
Severity: 100%

Malware (severity HIGH): SKILL.md

This skill is not an ordinary development or administration helper tool; it is an attack methodology that specifically teaches an AI agent to write a webshell onto a target server and use it, covering vulnerability exploitation, persistence, and remote command execution. Although it does not exhibit covert data theft or forwarding of third-party credentials, its purpose and capabilities are in themselves high-risk offensive security / intrusion enablement, and it should be classified as a high-risk skill with malicious intent.

Confidence: 97%
Severity: 99%

Audit Metadata

Analyzed At: Apr 22, 2026, 10:11 AM
Package URL: pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fwebshell-deploy%2F@d0e2ad9ced11297dd0b9bd5cf84803031512b70a
Security Audit — socket — webshell-deploy