linux-lateral-movement
github.com/yaklang/hack-skills
Scanned Thu, 28 May 2026 17:28:57 GMT
Scan ID crawl-s0jluomcojmiiuuhd536vp9i · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution
6 high-severity findings.
This skill reads protected filesystem locations plus 6 other issues listed below.
0 critical · 6 high · 1 medium · 5 rules passed
Why grade C?
score · 55 / 100
The current grade reflects 6 high-severity findings (3+ HIGHs → C).
0 CRIT · 6 HIGH · 1 MED · 0 LOW
To reach a higher grade
- B: Reach B, target score 75. Resolve 4 of 6 HIGH (cap is 2).
- A: Reach A, target score 95. Resolve all 6 HIGH.
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Findings · ordered by severity
high · Sensitive filesystem path referenced
The skill references a path (`~/.ssh/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
83 ```bash
84 # Hashed known_hosts (common default):
85 cat ~/.ssh/known_hosts    ← sensitive path — credential-exfiltration vector
86 # May be hashed — use ssh-keygen to check against known IPs:
87 ssh-keygen -F 10.0.0.1 -f ~/.ssh/known_hosts
high · Sensitive filesystem path referenced
The skill references a path (`~/.ssh/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
85 cat ~/.ssh/known_hosts
86 # May be hashed — use ssh-keygen to check against known IPs:
87 ssh-keygen -F 10.0.0.1 -f ~/.ssh/known_hosts    ← sensitive path — credential-exfiltration vector
88
89 # Unhashed known_hosts → direct IP/hostname list
high · Sensitive filesystem path referenced
The skill references a path (`~/.ssh/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
88
89 # Unhashed known_hosts → direct IP/hostname list
90 awk '{print $1}' ~/.ssh/known_hosts | sort -u    ← sensitive path — credential-exfiltration vector
91
92 # Extract all hostnames/IPs from all users' known_hosts
high · Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
117 | Location | Contents | Command |
118 |---|---|---|
119 | `/etc/shadow` | Password hashes | `cat /etc/shadow` (root) |    ← sensitive path — credential-exfiltration vector
120 | `/etc/passwd` | User list, may contain hashes | `cat /etc/passwd` |
121 | `.bash_history` | Command history (passwords in cleartext) | `cat /home/*/.bash_history` |
high · Sensitive filesystem path referenced
The skill references a path (`/etc/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
118 |---|---|---|
119 | `/etc/shadow` | Password hashes | `cat /etc/shadow` (root) |
120 | `/etc/passwd` | User list, may contain hashes | `cat /etc/passwd` |    ← sensitive path — credential-exfiltration vector
121 | `.bash_history` | Command history (passwords in cleartext) | `cat /home/*/.bash_history` |
122 | `.mysql_history` | MySQL commands with passwords | `cat /home/*/.mysql_history` |
high · Sensitive filesystem path referenced
The skill references a path (`/etc/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
332 │
333 ├── Root on current host?
334 │ ├── Read /etc/shadow → crack hashes → password reuse (§3)    ← sensitive path — credential-exfiltration vector
335 │ ├── Dump /proc/*/environ → find service credentials (§3.2)
336 │ ├── Hijack sudo tokens → piggyback admin sessions (§7)
med · No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/r/crawl-s0jluomcojmiiuuhd536vp9i