Skills
skills/wgpsec/aboutsecurity/webshell-management/Socket

webshell-management

Fail

Audited by Socket on Apr 22, 2026

1 alert found:

Malware
MalwareHIGH
SKILL.md

该技能不是一般管理或运维助手,而是面向 AI 代理的完整 webshell 后渗透/持久化手册。其核心能力包括远程命令执行、敏感文件窃取、反弹 shell、规避检测、权限维持和进一步攻击,实际数据流直接指向任意 TARGET/ATTACKER 主机,和合法开发场景不成比例。未见明显第三方安装器恶意投递,但技能本身提供高危攻击能力,应判定为恶意。

Confidence: 98%Severity: 99%
Audit Metadata
Analyzed At
Apr 22, 2026, 10:12 AM
Package URL
pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fwebshell-management%2F@5cdca5d1bc72d7405d6183fa9b3a883181a9d493
Security Audit — socket — webshell-management