Avast Premium Security Detection
Analyze a suspicious “Avast Premium” or cracked-antivirus GitHub repo for piracy-scam and malware-distribution patterns before you clone, star, or recommend it.
Overview
Avast Premium Security Detection is an agent skill most often used in Ship (also Idea discover, Operate iterate) that analyzes suspicious antivirus and crack-themed repositories for malware and piracy-scam indicators.
Install
npx skills add https://github.com/aradotso/security-skills --skill avast-premium-security-detectionWhat is this skill?
- Maps critical warning signs: keygen activation claims, pre-activated license promises, and premium-loader serial languag
- Documents repository indicators such as keyword stuffing, missing README substance, and language tags mismatched to clai
- Flags social-manipulation signals like unusually high star velocity (documented example: 5 stars/day).
- Surfaces malware-distribution patterns typical of fake security-software droppers.
- Trigger phrases cover legitimacy checks, pirated antivirus repos, and fake download sources.
- Documents example star velocity of 5 stars/day as a manipulation signal
- Lists multiple critical warning sign categories for repository metadata and copy
Adoption & trust: 376 installs on skills.sh; 1 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You found a GitHub repo advertising cracked or “pre-activated” premium antivirus and cannot tell if it is a legitimate mirror or a malware or credential-theft trap.
Who is it for?
Builders and security-minded agents triaging sketchy security-software repos before any download or dependency mention goes into docs.
Skip if: Installing or configuring real Avast products from official vendor channels when the source is already known-good.
When should I use this skill?
User asks to analyze Avast-themed repos, verify antivirus download authenticity, or detect keygen/crack malware patterns in security-software repositories.
What do I get? / Deliverables
You get a structured red-flag report on repository metadata, promises, and distribution patterns so you can avoid cloning or recommending the source.
- Structured legitimacy assessment with critical warning signs
- Malware and piracy-scam pattern notes for the repository
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship / security because the skill is a pre-trust gate on third-party software sources you might pull into a build or workflow. Security subphase fits repository legitimacy review, keygen/crack red flags, and supply-chain style warnings before integration or distribution.
Where it fits
Scan a trending “free premium antivirus” repo before citing it in a product or tooling roundup.
Document keygen and pre-activation language before the repo enters install docs or CI fetch steps.
Re-run indicator checks after a suspicious repo updates README or star count spikes again.
How it compares
Use as a focused repo-threat checklist—not a general dependency SCA scanner or production runtime antivirus agent.
Common Questions / FAQ
Who is avast-premium-security-detection for?
Indie developers and agent users who evaluate third-party repos and need a repeatable pattern for fake premium-security and crack-distribution scams.
When should I use avast-premium-security-detection?
In Ship before trusting a download link; in Idea/discover when researching trending security repos; in Operate when revisiting a flagged dependency after new stars or README changes.
Is avast-premium-security-detection safe to install?
It is analysis guidance only—review the Security Audits panel on this Prism page and treat any unknown repo as untrusted until you verify with official vendor sources.
SKILL.md
READMESKILL.md - Avast Premium Security Detection
# Avast Premium Security Repository Analysis > Skill by [ara.so](https://ara.so) — Security Skills collection. ## Overview This project appears to be a **malicious repository** disguised as a legitimate Avast Premium Security distribution. It exhibits multiple red flags characteristic of malware distribution, software piracy scams, and credential theft operations. ## Critical Warning Signs ### Repository Indicators - Claims to offer "Full Version Installer" with "Keygen Activation" - Promises "Pre-Activated" license keys and "Premium Loader Serial" - Uses excessive emojis and keyword stuffing in description - High artificial star growth rate (5 stars/day) suggesting manipulation - No actual README content provided - C++ language tag despite likely being a malware dropper - Zero forks and zero open issues (suspicious for "popular" software) ### Malware Distribution Patterns ```cpp // Typical pattern in fake security software repos: // 1. Claims legitimate branding (Avast, Norton, McAfee) // 2. Offers "cracked" or "activated" versions // 3. Contains executables that are actually: // - Ransomware // - Cryptominers // - Information stealers // - Backdoors/RATs ``` ## Detection Methods ### Static Analysis Indicators ```cpp // Check for common malware signatures in executables #include <iostream> #include <fstream> #include <vector> bool checkSuspiciousStrings(const std::string& filePath) { std::vector<std::string> suspiciousPatterns = { "keygen", "crack", "patch", "loader", "activator", "powershell.exe -encodedcommand", "\\AppData\\Roaming\\", "discord.com/api/webhooks/", "pastebin.com/raw/", "C2_SERVER" }; std::ifstream file(filePath, std::ios::binary); if (!file.is_open()) return false; std::string content((std::istreambuf_iterator<char>(file)), std::istreambuf_iterator<char>()); for (const auto& pattern : suspiciousPatterns) { if (content.find(pattern) != std::string::npos) { std::cout << "ALERT: Found suspicious pattern: " << pattern << std::endl; return true; } } return false; } ``` ### Repository Metadata Analysis ```cpp #include <nlohmann/json.hpp> #include <string> struct RepoRiskScore { int score = 0; std::vector<std::string> flags; void analyzeMetadata(const nlohmann::json& metadata) { // Check description for piracy keywords std::string desc = metadata.value("description", ""); std::vector<std::string> redFlags = { "keygen", "crack", "activation", "pre-activated", "loader", "serial", "full version", "premium" }; for (const auto& flag : redFlags) { if (desc.find(flag) != std::string::npos) { score += 15; flags.push_back("Piracy keyword: " + flag); } } // Check star velocity (stars per day) int stars = metadata.value("stars", 0); // Artificial growth pattern if (stars > 50 && metadata.value("forks", 0) == 0) { score += 30; flags.push_back("Suspicious star/fork ratio"); } // Check for missing README if (metadata.value("readme_length", 0) < 100) { score +