fingerprint-bypass

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The GitHub URL points to an unknown third‑party repo that the skill explicitly instructs you to clone and run (including sudo), which is a risky distribution vector for malicious code; https://localhost:8443 is merely a loopback address referenced for a locally hosted instance of that code but depends on whatever you run from the repo.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly provides step-by-step techniques to evade anti-bot/anti-fraud detection (spoofing TLS/HTTP2/TCP/browser fingerprints, disabling navigator checks, using undetected drivers/stealth plugins, and persistence of fingerprint identity), which is deliberate facilitation of security-control circumvention and abuse; it contains no obvious hidden backdoor or data-exfiltration payloads, but its primary intent is to enable malicious/unauthorized access and large-scale scraping/fraud.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because SKILL.md explicitly instructs the agent to fetch and analyze arbitrary third‑party web content (e.g., "查看 403/429 响应头", "搜索页面 JS", checking cookies and page JS in Step 1, references to public test sites like tls.browserleaks.com in Step 2, and example code calling requests.get("https://target.com")), so untrusted external page content is ingested and used to determine subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running sudo (e.g., "sudo ENABLE_TCP=1 python app.py") to enable TCP-layer collection, requesting elevated privileges and thus encouraging modification of the host state.