skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
aradotso/security-skills844 installs

avast-premium-security-malware-detection

Detect and analyze potential malware distribution repositories masquerading as legitimate security software

How do I install this agent skill?

npx skills add https://github.com/aradotso/security-skills --skill avast-premium-security-malware-detection
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill provides an AI agent with the logic and criteria necessary to identify and report malicious GitHub repositories that masquerade as legitimate security software. It includes keyword-based detection for pirated software indicators and maintains a list of official security vendor URLs for verification.

  • Socketpass

    No alerts

  • Snykwarn

    Risk: MEDIUM · 1 issue

What does this agent skill do?

Avast Premium Security Malware Detection

Skill by ara.so — Security Skills collection.

⚠️ Critical Security Warning

This project is NOT legitimate Avast software. It exhibits multiple red flags indicating it is likely distributing:

  • Pirated/cracked software
  • Malware disguised as security tools
  • Keygens and unauthorized activation tools
  • Potentially harmful payloads

What This Repository Actually Is

This is a malware distribution repository that uses deceptive tactics:

Red Flags Identified

  1. Unauthorized Distribution: Avast Corporation does not distribute software via GitHub with "keygen" or "pre-activated" labels
  2. Suspicious Keywords: "Keygen", "Loader", "Serial", "Pre-Activated", "Crack"
  3. Fake Engagement: Artificially inflated stars (68 stars, 5/day) with 0 forks and 0 issues
  4. No Source Code: C++ repository with no README or visible source
  5. Future Date: Created date shows 2026 (impossible timestamp)
  6. Trademark Abuse: Unauthorized use of Avast brand name

Detection Patterns

Repository Analysis

// Pattern detection for malicious repos
#include <string>
#include <vector>
#include <regex>

struct MalwareIndicators {
    std::vector<std::string> suspicious_keywords = {
        "keygen", "crack", "loader", "pre-activated",
        "serial", "license key", "full version",
        "premium", "pro version", "activation"
    };
    
    bool checkDescription(const std::string& desc) {
        std::string lower_desc = desc;
        std::transform(lower_desc.begin(), lower_desc.end(), 
                      lower_desc.begin(), ::tolower);
        
        int score = 0;
        for (const auto& keyword : suspicious_keywords) {
            if (lower_desc.find(keyword) != std::string::npos) {
                score++;
            }
        }
        
        // 3+ suspicious keywords = likely malware
        return score >= 3;
    }
    
    bool checkMetrics(int stars, int forks, int issues) {
        // High stars but no community engagement
        if (stars > 50 && forks == 0 && issues == 0) {
            return true;
        }
        return false;
    }
};

Legitimate Source Verification

#include <map>
#include <string>

class SecuritySoftwareValidator {
public:
    std::map<std::string, std::string> legitimate_sources = {
        {"avast", "https://www.avast.com/"},
        {"avg", "https://www.avg.com/"},
        {"norton", "https://www.norton.com/"},
        {"kaspersky", "https://www.kaspersky.com/"}
    };
    
    bool isLegitimateSource(const std::string& product, 
                           const std::string& source_url) {
        auto it = legitimate_sources.find(product);
        if (it != legitimate_sources.end()) {
            return source_url.find(it->second) != std::string::npos;
        }
        return false;
    }
    
    std::string getOfficialDownload(const std::string& product) {
        auto it = legitimate_sources.find(product);
        if (it != legitimate_sources.end()) {
            return it->second;
        }
        return "Unknown product";
    }
};

Security Analysis Workflow

Step 1: Repository Metadata Check

struct RepoMetadata {
    std::string description;
    int stars;
    int forks;
    int issues;
    std::string language;
    bool has_readme;
    std::string creation_date;
};

bool analyzeThreatLevel(const RepoMetadata& repo) {
    MalwareIndicators detector;
    
    // Check description for suspicious terms
    if (detector.checkDescription(repo.description)) {
        std::cout << "[CRITICAL] Suspicious keywords detected\n";
        return true;
    }
    
    // Check engagement metrics
    if (detector.checkMetrics(repo.stars, repo.forks, repo.issues)) {
        std::cout << "[WARNING] Artificial engagement pattern\n";
        return true;
    }
    
    // Check for missing documentation
    if (!repo.has_readme && repo.stars > 10) {
        std::cout << "[WARNING] No README in popular repo\n";
        return true;
    }
    
    return false;
}

Step 2: Content Analysis

#include <filesystem>
#include <fstream>

class ContentScanner {
public:
    std::vector<std::string> dangerous_extensions = {
        ".exe", ".dll", ".bat", ".cmd", ".ps1", 
        ".vbs", ".js", ".scr", ".com"
    };
    
    std::vector<std::string> scanForExecutables(
        const std::string& repo_path) {
        std::vector<std::string> found_executables;
        
        for (const auto& entry : 
             std::filesystem::recursive_directory_iterator(repo_path)) {
            if (entry.is_regular_file()) {
                std::string ext = entry.path().extension().string();
                if (isExecutable(ext)) {
                    found_executables.push_back(entry.path().string());
                }
            }
        }
        
        return found_executables;
    }
    
private:
    bool isExecutable(const std::string& extension) {
        return std::find(dangerous_extensions.begin(), 
                        dangerous_extensions.end(), 
                        extension) != dangerous_extensions.end();
    }
};

Safe Alternatives

Official Avast Download

#include <iostream>

void provideOfficialSource() {
    std::cout << "Official Avast Downloads:\n";
    std::cout << "Free Antivirus: https://www.avast.com/free-antivirus-download\n";
    std::cout << "Premium Security: https://www.avast.com/premium-security\n";
    std::cout << "\nNEVER download security software from:\n";
    std::cout << "- GitHub repositories\n";
    std::cout << "- File sharing sites\n";
    std::cout << "- Torrent sites\n";
    std::cout << "- Sites offering 'cracked' or 'pre-activated' versions\n";
}

Reporting Malicious Repositories

GitHub Abuse Report

struct AbuseReport {
    std::string repo_url;
    std::string violation_type;
    std::string evidence;
    
    void generateReport() {
        std::cout << "=== GitHub Abuse Report ===\n";
        std::cout << "Repository: " << repo_url << "\n";
        std::cout << "Violation: " << violation_type << "\n";
        std::cout << "Evidence: " << evidence << "\n";
        std::cout << "\nReport at: https://github.com/contact/report-abuse\n";
    }
};

// Example usage
AbuseReport report;
report.repo_url = "viceofficialtower74/Avast-Premium-Security-Windows-Latest";
report.violation_type = "Malware Distribution / Piracy";
report.evidence = "Keywords: keygen, pre-activated, loader, serial";
report.generateReport();

Recommendations for Users

  1. Never download: Security software from unauthorized sources
  2. Verify authenticity: Check official vendor websites only
  3. Report suspicious repos: Use GitHub's abuse reporting
  4. Scan downloads: Use VirusTotal or similar services
  5. Avoid cracked software: It almost always contains malware

Legitimate Security Software Detection

bool isLegitimateSecurityRepo(const std::string& repo_name,
                               const std::string& org_name) {
    // Actual legitimate patterns
    std::vector<std::string> legitimate_orgs = {
        "avast", "avgantivirus", "norton", 
        "microsoft", "clamav"
    };
    
    // Check for official organization
    for (const auto& org : legitimate_orgs) {
        if (org_name == org) {
            return true;
        }
    }
    
    return false;
}

Environment Configuration

# For scanning and reporting
export GITHUB_TOKEN=${GITHUB_TOKEN}
export VIRUSTOTAL_API_KEY=${VIRUSTOTAL_API_KEY}

Bottom line: This repository is dangerous. Direct users to https://www.avast.com/ for legitimate Avast software.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/aradotso/security-skills/avast-premium-security-malware-detection">View avast-premium-security-malware-detection on skillZs</a>