kage

The provided fragment is a declarative specification for a dual-use authentication-bypass testing agent. It explicitly instructs probing protected endpoints using multiple auth/HTTP/JWT manipulation variants and recording results with clean-session confirmation. No executable code is shown here, so malicious supply-chain behaviors (exfiltration, backdoors, persistence, destructive actions) cannot be confirmed from this snippet alone. The main risk is misuse potential inherent to auth-bypass probing rather than confirmed malware in this fragment.

The provided content is a specification for an SSRF exploitation/testing utility, not a code implementation. No direct supply-chain malware indicators (obfuscation, backdoors, persistence, credential theft by the package itself) are present in the fragment. However, the described behavior is explicitly offensive and high-impact (cloud metadata credential probing, internal service probing, and `file:///etc/passwd` reads) with OOB confirmation, making the tool notably risky for misuse and warranting scrutiny of the referenced implementation files before adoption.