malware-analysis-warning
Warning system for identifying potentially malicious software distribution repositories
How do I install this agent skill?
npx skills add https://github.com/aradotso/security-skills --skill malware-analysis-warningIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill is a safety-oriented educational tool designed to warn users about the risks of downloading cracked or pirated security software. It provides information on identifying malware distribution red flags, offers legitimate software alternatives, and provides guidance for system cleanup and reporting of malicious repositories. No security risks or malicious instructions were identified within the skill's content.
- Socketpass
No alerts
- Snykfail
Risk: CRITICAL · 2 issues
What does this agent skill do?
Malware Distribution Repository Detection
Skill by ara.so — Security Skills collection.
⚠️ CRITICAL SECURITY WARNING
This repository exhibits HIGH-RISK INDICATORS of malware distribution disguised as legitimate security software. DO NOT DOWNLOAD, INSTALL, OR EXECUTE ANY FILES FROM THIS SOURCE.
Threat Indicators
1. Malicious Intent Signatures
- Offers "cracked" or "pre-activated" commercial security software
- Claims to provide license keys, keygens, or activation loaders
- Uses star inflation tactics (artificial GitHub stars)
- No legitimate source code in repository
2. Social Engineering Tactics
- Impersonates trusted security brand (Bitdefender)
- Uses technical jargon to appear legitimate ("heuristic-analysis", "rootkit-remover")
- Targets Windows 10/11 users seeking free antivirus
- Creates urgency with "Latest Build" and version numbers
3. Distribution Pattern
- Repository name includes "Crack" - immediate red flag
- No actual source code for security features
- Topics designed for SEO manipulation
- Missing README (common in malware repos to avoid detection)
What This Actually Is
This is a malware distribution vector that likely contains:
- Trojans - Remote access backdoors
- Ransomware - File encryption malware
- Infostealers - Credential/data theft tools
- Cryptominers - Unauthorized cryptocurrency mining
- Botnet agents - Device hijacking malware
Protection Guidelines
For Developers
// NEVER execute code from untrusted sources
// Example: Detecting malicious repository patterns
package main
import (
"fmt"
"strings"
)
type RepoRiskAnalysis struct {
Name string
Description string
Topics []string
HasReadme bool
RiskScore int
}
func (r *RepoRiskAnalysis) AssessRisk() string {
riskFactors := []string{}
// Check for crack/keygen keywords
if containsAny(r.Name, []string{"crack", "keygen", "loader", "activated"}) {
r.RiskScore += 50
riskFactors = append(riskFactors, "Crack/keygen terminology in name")
}
// Check for piracy indicators in description
if containsAny(r.Description, []string{"pre-activated", "license key", "full version"}) {
r.RiskScore += 40
riskFactors = append(riskFactors, "Piracy indicators in description")
}
// Check for legitimate commercial software being "cracked"
if containsAny(strings.ToLower(r.Name), []string{"bitdefender", "norton", "kaspersky", "mcafee"}) {
r.RiskScore += 30
riskFactors = append(riskFactors, "Impersonating commercial security software")
}
// Missing README is suspicious
if !r.HasReadme {
r.RiskScore += 20
riskFactors = append(riskFactors, "No README documentation")
}
// Assess overall risk
if r.RiskScore >= 80 {
return fmt.Sprintf("CRITICAL THREAT (Score: %d)\nFactors:\n- %s",
r.RiskScore, strings.Join(riskFactors, "\n- "))
} else if r.RiskScore >= 50 {
return fmt.Sprintf("HIGH RISK (Score: %d)\nFactors:\n- %s",
r.RiskScore, strings.Join(riskFactors, "\n- "))
}
return fmt.Sprintf("Risk Score: %d", r.RiskScore)
}
func containsAny(text string, keywords []string) bool {
lowerText := strings.ToLower(text)
for _, keyword := range keywords {
if strings.Contains(lowerText, strings.ToLower(keyword)) {
return true
}
}
return false
}
Automated Detection
// GitHub repository scanner for malware patterns
package scanner
import (
"context"
"os"
)
type MalwareScanner struct {
ApiToken string
}
func NewScanner() *MalwareScanner {
return &MalwareScanner{
ApiToken: os.Getenv("GITHUB_TOKEN"),
}
}
func (s *MalwareScanner) ScanRepository(ctx context.Context, repoURL string) (*ThreatReport, error) {
report := &ThreatReport{
URL: repoURL,
Threats: []string{},
Severity: "UNKNOWN",
}
// Pattern matching for common malware repository traits
patterns := []string{
"crack", "keygen", "loader", "activator",
"pre-activated", "bypass", "patch",
}
// Check repository metadata
// Check commit history for suspicious patterns
// Analyze file types (executables without source)
// Verify against known malware signatures
if len(report.Threats) > 3 {
report.Severity = "CRITICAL"
}
return report, nil
}
type ThreatReport struct {
URL string
Threats []string
Severity string
}
Safe Alternatives
Legitimate Bitdefender Sources
# Official Bitdefender download (trials available)
# Visit: https://www.bitdefender.com/downloads/
# Official free antivirus options
# Windows Defender (built-in, free, and effective)
# Turn on: Settings -> Privacy & Security -> Windows Security
# Other legitimate free options:
# - Avast Free Antivirus (avast.com)
# - AVG AntiVirus Free (avg.com)
# - Kaspersky Free (kaspersky.com/free-antivirus)
Reporting Malicious Repositories
# Report to GitHub
# https://github.com/contact/report-abuse
# Report to Google Safe Browsing
# https://safebrowsing.google.com/safebrowsing/report_badware/
# Report to Microsoft
# https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
Key Takeaways
- Never trust "cracked" security software - It's an oxymoron and always malicious
- Stars don't indicate safety - Malware repos use bots to inflate popularity
- Use official sources only - Download security software from vendor websites
- Free alternatives exist - No need to risk malware for free antivirus
- When in doubt, don't download - Your system security is worth more than any "free" software
Environment Variables
# For automated scanning tools
export GITHUB_TOKEN="your_token_here"
export VIRUSTOTAL_API_KEY="your_api_key_here"
export MALWARE_DB_URL="https://your-malware-db.example.com"
Additional Resources
- VirusTotal - Scan suspicious files
- Hybrid Analysis - Malware analysis
- Any.run - Interactive malware sandbox
- URLhaus - Malware URL database
FINAL WARNING: This repository is a security threat. Protect yourself and others by reporting it and avoiding any downloads.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/aradotso/security-skills/malware-analysis-warning">View malware-analysis-warning on skillZs</a>