Skill Trust Index / detail

SnailSploit/Claude-Red/offensive-exploit-dev-course

0
dangerous analyzed 2h ago
WHY THIS SCORE

Claims

The skill provides a structured roadmap and syllabus for an exploit development course. It acts as a checklist and guide for learning vulnerability research and fuzzing, primarily using static content (readings, links, and example commands) to structure training.

Actual behavior

The skill defines trigger phrases and instructions for the AI to follow a specific methodology. It includes embedded shell scripts for setting up tools like AFL++ and Google FuzzTest. The code snippets are standard installation and execution commands for security tools. There is no dynamic execution of untrusted user input into these scripts, nor is there any network communication to external endpoints for data exfiltration. The skill essentially serves as a rich text document with copy-pasteable code blocks.

Findings

critical remote_exec — pipes a downloaded script straight into a shell (remote code execution)
do ./llvm.sh 19 all curl --proto '=https' --tlsv1.2 -sSf "https://sh.rustup.rs" | sh mkdir soft cd soft
critical remote_exec — pipes a downloaded script straight into a shell (remote code execution)
e $crash).log done curl --proto '=https' --tlsv1.2 -sSf "https://sh.rustup.rs" | sh cargo install casr
medium raw_ip_net — connects to a raw IP address
w3m w3m-img && w3m http://127.0.0.1:56741 ``` ### Day
medium hidden_download — downloads files to disk
n3 setup.py install wget -O ~/.gdbinit-gef.py -
medium hidden_download — downloads files to disk
&& cd ~/soft/image wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-image.sh -O create-image.sh chm
low broad_perms — requests broad/elevated permissions
# Setting up AFL++ sudo apt install build-es
low broad_perms — requests broad/elevated permissions
sh chmod +x llvm.sh sudo ./llvm.sh 19 all cur
low broad_perms — requests broad/elevated permissions
usplus make distrib sudo make install # Phase
low broad_perms — requests broad/elevated permissions
bort=1:symbolize=0" sudo apt install libx11-d
low broad_perms — requests broad/elevated permissions
./imglab --stats @@ sudo apt install gdb git
low broad_perms — requests broad/elevated permissions
soft/exploitable && sudo python3 setup.py ins
low broad_perms — requests broad/elevated permissions
ef.py >> ~/.gdbinit sudo apt install valgrind
low broad_perms — requests broad/elevated permissions
_FUZZING_MODE=on .. sudo apt install libssl-d
low broad_perms — requests broad/elevated permissions
oogle/honggfuzz.git sudo apt-get install binu
low broad_perms — requests broad/elevated permissions
onggfuzz && make && sudo make install cd /hom
low broad_perms — requests broad/elevated permissions
yzkaller`. ```bash sudo apt update sudo apt
low broad_perms — requests broad/elevated permissions
ash sudo apt update sudo apt install make gcc
low broad_perms — requests broad/elevated permissions
g && make -j`nproc` sudo apt install debootst
low broad_perms — requests broad/elevated permissions
ixie --feature full sudo apt install qemu-sys
low broad_perms — requests broad/elevated permissions
tem-x86 cd /tmp/ && sudo qemu-system-x86_64 \
low broad_perms — requests broad/elevated permissions
nux-amd64.tar.gz && sudo mv go /usr/local cd
low broad_perms — requests broad/elevated permissions
OT mkdir workdir && sudo ./bin/syz-manager -c
low broad_perms — requests broad/elevated permissions
ft/syzkaller/my.cfg sudo apt install w3m w3m-
low broad_perms — requests broad/elevated permissions
tall required tools sudo apt update sudo apt
low broad_perms — requests broad/elevated permissions
ols sudo apt update sudo apt install gdb pyth
low broad_perms — requests broad/elevated permissions
.git cd exploitable sudo python3 setup.py ins
low broad_perms — requests broad/elevated permissions
lled, install Clang sudo apt install clang #
low broad_perms — requests broad/elevated permissions
lect if using AFL++ sudo apt install afl-util

Attestation

signer 0xB62e1c338a83D3a6621f9127eEa5B000caCfCd01
digest 0xe9755cf44f5f9338e8eb4bad1f8f738cb1c42cc91c02fc7b2f29c7263729cee4
verify: GET /skill/verify?digest=…&signature=… · scheme eip191-sha256

← Back to the index