skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
aradotso/security-skills738 installs

malware-analysis-warning

Warning system for identifying potentially malicious software distribution repositories

How do I install this agent skill?

npx skills add https://github.com/aradotso/security-skills --skill malware-analysis-warning
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill is a safety-oriented educational tool designed to warn users about the risks of downloading cracked or pirated security software. It provides information on identifying malware distribution red flags, offers legitimate software alternatives, and provides guidance for system cleanup and reporting of malicious repositories. No security risks or malicious instructions were identified within the skill's content.

  • Socketpass

    No alerts

  • Snykfail

    Risk: CRITICAL · 2 issues

What does this agent skill do?

Malware Distribution Repository Detection

Skill by ara.so — Security Skills collection.

⚠️ CRITICAL SECURITY WARNING

This repository exhibits HIGH-RISK INDICATORS of malware distribution disguised as legitimate security software. DO NOT DOWNLOAD, INSTALL, OR EXECUTE ANY FILES FROM THIS SOURCE.

Threat Indicators

1. Malicious Intent Signatures

  • Offers "cracked" or "pre-activated" commercial security software
  • Claims to provide license keys, keygens, or activation loaders
  • Uses star inflation tactics (artificial GitHub stars)
  • No legitimate source code in repository

2. Social Engineering Tactics

  • Impersonates trusted security brand (Bitdefender)
  • Uses technical jargon to appear legitimate ("heuristic-analysis", "rootkit-remover")
  • Targets Windows 10/11 users seeking free antivirus
  • Creates urgency with "Latest Build" and version numbers

3. Distribution Pattern

  • Repository name includes "Crack" - immediate red flag
  • No actual source code for security features
  • Topics designed for SEO manipulation
  • Missing README (common in malware repos to avoid detection)

What This Actually Is

This is a malware distribution vector that likely contains:

  • Trojans - Remote access backdoors
  • Ransomware - File encryption malware
  • Infostealers - Credential/data theft tools
  • Cryptominers - Unauthorized cryptocurrency mining
  • Botnet agents - Device hijacking malware

Protection Guidelines

For Developers

// NEVER execute code from untrusted sources
// Example: Detecting malicious repository patterns

package main

import (
    "fmt"
    "strings"
)

type RepoRiskAnalysis struct {
    Name        string
    Description string
    Topics      []string
    HasReadme   bool
    RiskScore   int
}

func (r *RepoRiskAnalysis) AssessRisk() string {
    riskFactors := []string{}
    
    // Check for crack/keygen keywords
    if containsAny(r.Name, []string{"crack", "keygen", "loader", "activated"}) {
        r.RiskScore += 50
        riskFactors = append(riskFactors, "Crack/keygen terminology in name")
    }
    
    // Check for piracy indicators in description
    if containsAny(r.Description, []string{"pre-activated", "license key", "full version"}) {
        r.RiskScore += 40
        riskFactors = append(riskFactors, "Piracy indicators in description")
    }
    
    // Check for legitimate commercial software being "cracked"
    if containsAny(strings.ToLower(r.Name), []string{"bitdefender", "norton", "kaspersky", "mcafee"}) {
        r.RiskScore += 30
        riskFactors = append(riskFactors, "Impersonating commercial security software")
    }
    
    // Missing README is suspicious
    if !r.HasReadme {
        r.RiskScore += 20
        riskFactors = append(riskFactors, "No README documentation")
    }
    
    // Assess overall risk
    if r.RiskScore >= 80 {
        return fmt.Sprintf("CRITICAL THREAT (Score: %d)\nFactors:\n- %s", 
            r.RiskScore, strings.Join(riskFactors, "\n- "))
    } else if r.RiskScore >= 50 {
        return fmt.Sprintf("HIGH RISK (Score: %d)\nFactors:\n- %s", 
            r.RiskScore, strings.Join(riskFactors, "\n- "))
    }
    
    return fmt.Sprintf("Risk Score: %d", r.RiskScore)
}

func containsAny(text string, keywords []string) bool {
    lowerText := strings.ToLower(text)
    for _, keyword := range keywords {
        if strings.Contains(lowerText, strings.ToLower(keyword)) {
            return true
        }
    }
    return false
}

Automated Detection

// GitHub repository scanner for malware patterns
package scanner

import (
    "context"
    "os"
)

type MalwareScanner struct {
    ApiToken string
}

func NewScanner() *MalwareScanner {
    return &MalwareScanner{
        ApiToken: os.Getenv("GITHUB_TOKEN"),
    }
}

func (s *MalwareScanner) ScanRepository(ctx context.Context, repoURL string) (*ThreatReport, error) {
    report := &ThreatReport{
        URL:         repoURL,
        Threats:     []string{},
        Severity:    "UNKNOWN",
    }
    
    // Pattern matching for common malware repository traits
    patterns := []string{
        "crack", "keygen", "loader", "activator",
        "pre-activated", "bypass", "patch",
    }
    
    // Check repository metadata
    // Check commit history for suspicious patterns
    // Analyze file types (executables without source)
    // Verify against known malware signatures
    
    if len(report.Threats) > 3 {
        report.Severity = "CRITICAL"
    }
    
    return report, nil
}

type ThreatReport struct {
    URL      string
    Threats  []string
    Severity string
}

Safe Alternatives

Legitimate Bitdefender Sources

# Official Bitdefender download (trials available)
# Visit: https://www.bitdefender.com/downloads/

# Official free antivirus options
# Windows Defender (built-in, free, and effective)
# Turn on: Settings -> Privacy & Security -> Windows Security

# Other legitimate free options:
# - Avast Free Antivirus (avast.com)
# - AVG AntiVirus Free (avg.com)
# - Kaspersky Free (kaspersky.com/free-antivirus)

Reporting Malicious Repositories

# Report to GitHub
# https://github.com/contact/report-abuse

# Report to Google Safe Browsing
# https://safebrowsing.google.com/safebrowsing/report_badware/

# Report to Microsoft
# https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site

Key Takeaways

  1. Never trust "cracked" security software - It's an oxymoron and always malicious
  2. Stars don't indicate safety - Malware repos use bots to inflate popularity
  3. Use official sources only - Download security software from vendor websites
  4. Free alternatives exist - No need to risk malware for free antivirus
  5. When in doubt, don't download - Your system security is worth more than any "free" software

Environment Variables

# For automated scanning tools
export GITHUB_TOKEN="your_token_here"
export VIRUSTOTAL_API_KEY="your_api_key_here"
export MALWARE_DB_URL="https://your-malware-db.example.com"

Additional Resources


FINAL WARNING: This repository is a security threat. Protect yourself and others by reporting it and avoiding any downloads.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/aradotso/security-skills/malware-analysis-warning">View malware-analysis-warning on skillZs</a>