Security Awareness Malicious Repository Detection

Name: Security Awareness Malicious Repository Detection
Author: aradotso

aradotso/security-skills

Analyze GitHub repos that pose as cracked or pirated software and flag malware-distribution patterns before you clone, star, or recommend them.

Install

npx skills add https://github.com/aradotso/security-skills --skill security-awareness-malicious-repository-detection

What is this skill?

Structured threat indicators: impersonation, suspicious topics, star inflation, missing README, crack/keygen red-flag la
Explicit triggers for fake crack repos, piracy-themed malware, and legitimacy checks
Checker workflow oriented to social-engineering vectors—not generic CVE scanning
Documents critical warning pattern for repos disguised as security vendor cracks

Adoption & trust: 373 installs on skills.sh; 1 GitHub stars; 2/3 security scanners passed (skills.sh audits).

Recommended Skills

Azure Compliancemicrosoft/azure-skills

Azure Compliance is a Microsoft agent skill for solo builders and small teams who need structured security and complianc…373k installs·1.2k stars

Openclaw Secure Linux Cloudxixu-me/skills

OpenClaw Secure Linux Cloud guides a hardened VPS deployment—rootless Podman, loopback-only gateway, SSH-tunneled Contro…201k installs·61 stars

Entra Agent Idmicrosoft/azure-skills

entra-agent-id is a Microsoft-authored agent skill for provisioning and operating OAuth-capable identities tailored to A…99.1k installs·1.2k stars

Firebase Security Rules Auditorfirebase/agent-skills

Firebase Security Rules Auditor turns your agent into a senior penetration-style reviewer for Firestore rulesets. Solo b…40.3k installs·345 stars

Firestore Security Rules Auditorfirebase/agent-skills

Firestore-security-rules-auditor is a checker skill for solo builders and small teams shipping Firebase-backed apps who …20.3k installs·345 stars

Skill Vetteruseai-pro/openclaw-skills-security

Skill Vetter is a security-first OpenClaw agent skill that makes your coding agent behave like a pre-install auditor for…19.2k installs·62 stars

Journey fit

Primary fit

Malicious repo review is a ship-time security gate before dependencies and tooling enter your stack, even when discovery happens earlier. Security subphase is the canonical shelf for threat awareness and supply-chain style repository vetting.

Common Questions / FAQ

Is Security Awareness Malicious Repository Detection safe to install?

skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.

SKILL.md

READMESKILL.md - Security Awareness Malicious Repository Detection

# Security Awareness: Malicious Repository Detection

> Skill by [ara.so](https://ara.so) — Security Skills collection.

## ⚠️ CRITICAL WARNING

**This repository is a MALICIOUS PROJECT distributing malware disguised as cracked security software.**

### Threat Indicators Present

1. **Impersonation**: Claims to be "Bitdefender Total Security Crack" - legitimate security vendors do not distribute cracks
2. **Suspicious Topics**: Includes "defender-bypass", "thread-hijacking", "exploit-mitigation" alongside crack-related terms
3. **Star Manipulation**: 59 stars at 3 stars/day suggests artificial inflation
4. **No Legitimate Code**: No README, likely contains payload downloaders
5. **Red Flag Language**: "Pre-Activated", "Keygen Loader", "Crack" combined with antivirus software
6. **Future Dating**: Created date shows 2026 (timestamp manipulation or test data)

## What This Actually Is

This is a **malware distribution vector** using common social engineering tactics:

- **Lure**: Free premium security software
- **Method**: Fake crack/keygen
- **Payload**: Likely infostealers, ransomware, or backdoors
- **Target**: Users searching for pirated antivirus software

## Detection Patterns

### Repository Red Flags

```go
package detector

import (
    "strings"
    "regexp"
)

type ThreatIndicators struct {
    SuspiciousKeywords []string
    MaliciousPatterns  []string
    RiskScore         int
}

func AnalyzeRepository(description, topics []string) ThreatIndicators {
    indicators := ThreatIndicators{}
    
    // Crack/Piracy keywords
    crackKeywords := []string{
        "crack", "keygen", "pre-activated", "activation",
        "loader", "full version", "license key", "bypass",
    }
    
    // Technical exploit terms
    exploitTerms := []string{
        "defender-bypass", "thread-hijacking", "rootkit",
        "exploit-mitigation", "heuristic-analysis",
    }
    
    descLower := strings.ToLower(description)
    
    for _, keyword := range crackKeywords {
        if strings.Contains(descLower, keyword) {
            indicators.SuspiciousKeywords = append(indicators.SuspiciousKeywords, keyword)
            indicators.RiskScore += 15
        }
    }
    
    for _, term := range exploitTerms {
        for _, topic := range topics {
            if strings.Contains(strings.ToLower(topic), term) {
                indicators.MaliciousPatterns = append(indicators.MaliciousPatterns, term)
                indicators.RiskScore += 20
            }
        }
    }
    
    // Legitimate security software being "cracked"
    legitimateSoftware := []string{"bitdefender", "kaspersky", "norton", "mcafee"}
    for _, software := range legitimateSoftware {
        if strings.Contains(descLower, software) && strings.Contains(descLower, "crack") {
            indicators.RiskScore += 30
        }
    }
    
    return indicators
}

func IsMalicious(indicators ThreatIndicators) bool {
    return indicators.RiskScore >= 50
}
```

### Usage Example

```go
package main

import (
    "fmt"
    "os"
)

func main() {
    description := "Bitdefender Total Security Crack 2026 | Full Version License Key Pre-Activated"
    topics := []string{
        "bitdefender",
        "defender-bypass",
        "thread-hijacking",
        "malware-scanner",
    }
    
    indicators := AnalyzeRepository(description, topics)
    
    fmt.Printf("Risk Score: %d\n", indicators.RiskScore)
    fmt.Printf("Suspicious Keywords: %v\n", indicators.SuspiciousKeywo

What is this skill?

Structured threat indicators: impersonation, suspicious topics, star inflation, missing README, crack/keygen red-flag la

Explicit triggers for fake crack repos, piracy-themed malware, and legitimacy checks

Checker workflow oriented to social-engineering vectors—not generic CVE scanning

Documents critical warning pattern for repos disguised as security vendor cracks

Adoption & trust: 373 installs on skills.sh; 1 GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Security Awareness Malicious Repository Detection

# Security Awareness: Malicious Repository Detection

> Skill by [ara.so](https://ara.so) — Security Skills collection.

## ⚠️ CRITICAL WARNING

**This repository is a MALICIOUS PROJECT distributing malware disguised as cracked security software.**

### Threat Indicators Present

1. **Impersonation**: Claims to be "Bitdefender Total Security Crack" - legitimate security vendors do not distribute cracks
2. **Suspicious Topics**: Includes "defender-bypass", "thread-hijacking", "exploit-mitigation" alongside crack-related terms
3. **Star Manipulation**: 59 stars at 3 stars/day suggests artificial inflation
4. **No Legitimate Code**: No README, likely contains payload downloaders
5. **Red Flag Language**: "Pre-Activated", "Keygen Loader", "Crack" combined with antivirus software
6. **Future Dating**: Created date shows 2026 (timestamp manipulation or test data)

## What This Actually Is

This is a **malware distribution vector** using common social engineering tactics:

- **Lure**: Free premium security software
- **Method**: Fake crack/keygen
- **Payload**: Likely infostealers, ransomware, or backdoors
- **Target**: Users searching for pirated antivirus software

## Detection Patterns

### Repository Red Flags

```go
package detector

import (
    "strings"
    "regexp"
)

type ThreatIndicators struct {
    SuspiciousKeywords []string
    MaliciousPatterns  []string
    RiskScore         int
}

func AnalyzeRepository(description, topics []string) ThreatIndicators {
    indicators := ThreatIndicators{}
    
    // Crack/Piracy keywords
    crackKeywords := []string{
        "crack", "keygen", "pre-activated", "activation",
        "loader", "full version", "license key", "bypass",
    }
    
    // Technical exploit terms
    exploitTerms := []string{
        "defender-bypass", "thread-hijacking", "rootkit",
        "exploit-mitigation", "heuristic-analysis",
    }
    
    descLower := strings.ToLower(description)
    
    for _, keyword := range crackKeywords {
        if strings.Contains(descLower, keyword) {
            indicators.SuspiciousKeywords = append(indicators.SuspiciousKeywords, keyword)
            indicators.RiskScore += 15
        }
    }
    
    for _, term := range exploitTerms {
        for _, topic := range topics {
            if strings.Contains(strings.ToLower(topic), term) {
                indicators.MaliciousPatterns = append(indicators.MaliciousPatterns, term)
                indicators.RiskScore += 20
            }
        }
    }
    
    // Legitimate security software being "cracked"
    legitimateSoftware := []string{"bitdefender", "kaspersky", "norton", "mcafee"}
    for _, software := range legitimateSoftware {
        if strings.Contains(descLower, software) && strings.Contains(descLower, "crack") {
            indicators.RiskScore += 30
        }
    }
    
    return indicators
}

func IsMalicious(indicators ThreatIndicators) bool {
    return indicators.RiskScore >= 50
}
```

### Usage Example

```go
package main

import (
    "fmt"
    "os"
)

func main() {
    description := "Bitdefender Total Security Crack 2026 | Full Version License Key Pre-Activated"
    topics := []string{
        "bitdefender",
        "defender-bypass",
        "thread-hijacking",
        "malware-scanner",
    }
    
    indicators := AnalyzeRepository(description, topics)
    
    fmt.Printf("Risk Score: %d\n", indicators.RiskScore)
    fmt.Printf("Suspicious Keywords: %v\n", indicators.SuspiciousKeywo

Install

What is this skill?

Recommended Skills

Journey fit

Is Security Awareness Malicious Repository Detection safe to install?

SKILL.md

This week for builders

Install

What is this skill?

Recommended Skills

Journey fit

Is Security Awareness Malicious Repository Detection safe to install?

SKILL.md