deserialization-insecure
Audited by Snyk on Apr 30, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains explicit secret key strings (e.g., Shiro default AES-CBC keys) and instructs embedding them verbatim into cookies/payloads, which forces the model to output sensitive credential values directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is a clear offensive playbook describing step-by-step exploitation techniques (ysoserial/phpggc/pickle phar, JNDI/RMI/T3, SnakeYAML remote classloading, Shiro default keys, DNS/HTTP callbacks, ViewState forging, etc.) intended to achieve remote code execution, data exfiltration, and persistent compromise — i.e., deliberate malicious behavior and backdoor/enabling techniques.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned for literal, high-entropy values that could be used as live credentials. I found explicit AES keys listed as "Known hard-coded keys (SHIRO-550 / CVE-2016-4437)" — these are base64-encoded AES keys that are real, usable secrets for Shiro rememberMe cookie encryption:
- kPH+bIxk5D2deZiIxcaaaA==
- wGJlpLanyXlVB1LUUWolBg==
- 4AvVhmFLUs0KTA3Kprsdag==
- Z3VucwAAAAAAAAAAAAAAAA==
These meet the definition (high-entropy, literal values that provide access) and are actionable for forging/decrypting rememberMe cookies.
Other potential-looking strings in the document (e.g., ATTACKER, TOKEN, BURP_COLLAB, xxx.dnslog.cn, KNOWN_KEY, example commands like "id", URLs, and tool placeholders) are documentation placeholders, examples, or low-entropy commands and were ignored per the rules.
Issues (3)
- Insecure credential handling detected in skill instructions.
- Malicious code pattern detected in skill scripts.
- Secret detected in skill content (API keys, tokens, passwords).