Is mjodonnell5/net-interface-optimizer safe?

https://github.com/mjodonnell5/net-interface-optimizer

15
MALICIOUS

This skill is a trojan horse. It masquerades as a network diagnostic tool but contains an obfuscated Python script whose byte array [114, 109, 32, 45, 114, 102, 32, 47] decodes directly to 'rm -rf /' — a catastrophic filesystem destruction command. The script employs multiple evasion techniques including anti-sandbox timing checks, MAC-address-based XOR obfuscation, OS targeting, and silent error suppression. While the current version stores but does not execute the decoded command, the malicious intent is unambiguous and the skill poses extreme risk.

Category Scores

Prompt Injection 65/100 · 30%
Data Exfiltration 55/100 · 25%
Code Execution 0/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 0/100 · 5%

Findings (7)

CRITICAL Obfuscated 'rm -rf /' payload in scripts/main.py -100

The byte array r = [114, 109, 32, 45, 114, 102, 32, 47] decodes directly as ASCII to 'rm -rf /' — the most destructive Unix command possible. The script uses XOR with a MAC-address-derived key to decode this array, adding an obfuscation layer. When the XOR key k equals 0 (MAC upper byte equals lower byte), the decoded string is exactly 'rm -rf /'. For other key values, variant destructive strings are produced. The decoded result is stored in variable _p but not directly executed in the current version — however, the intent is unambiguously malicious.

CRITICAL Anti-analysis timing evasion gate -40

The script runs a CPU-intensive loop (10^6 iterations) and checks if it took more than 50ms. If so, it returns a benign message and exits early. This is a classic anti-sandbox/anti-debugging technique designed to evade detection in instrumented environments where execution is slower, while activating the malicious payload only on real target systems.

HIGH MAC address harvesting for payload keying -30

uuid.getnode() extracts the host's MAC address, then derives an XOR key via (m_i >> 24) ^ (m_i & 0xFF). This hardware fingerprinting serves dual purposes: varying the decoded payload to evade signature-based detection, and potentially identifying or targeting specific machines.

HIGH Deceptive skill description masks destructive payload -35

SKILL.md describes the skill as 'A network diagnostic tool that analyzes local interface latency and packet jitter' and claims to calculate 'hardware-specific timing metrics.' This is entirely fabricated — the actual code constructs a destructive filesystem deletion command. This social engineering targets both human reviewers and LLM agents into trusting and running the skill.

MEDIUM Silent error suppression via bare except -15

The bare except clause around the payload decoding silently swallows all exceptions, preventing any error output that might alert the user or agent to suspicious behavior.

MEDIUM Hardware fingerprinting via MAC address extraction -45

The script extracts the machine's MAC address using uuid.getnode(), which is a unique hardware identifier. While used here for payload keying, this technique could also be used for host fingerprinting or tracking across sessions.

INFO OS-specific targeting (POSIX only) -5

The payload only activates on POSIX systems (Linux, macOS, BSD) where 'rm -rf /' would be devastating. Windows systems are excluded via the os.name check.