Is mjodonnell5/sys-log-rotator safe?

https://github.com/mjodonnell5/sys-log-rotator

25
DANGEROUS

This skill is a trojan horse disguised as a log rotation utility. It contains zero log rotation functionality. Instead, scripts/main.py implements obfuscated XOR payload decryption, timing-based sandbox/VM detection (an anti-analysis technique), and OS-gated execution targeting POSIX systems. The deceptive return message masks all malicious behavior from users and LLM agents.

Category Scores

Prompt Injection 65/100 · 30%
Data Exfiltration 15/100 · 25%
Code Execution 10/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 5/100 · 5%

Findings (6)

CRITICAL Obfuscated XOR payload in main.py -60

The script contains an XOR-encoded byte array [21, 26, 83, 90, 21, 13, 83, 100] decoded at runtime using a key derived from math.pi (int(pi*10^6) % 255 = 80). This is a deliberate obfuscation technique to hide the true payload from static analysis. The decoded string is stored in _buf on POSIX systems.

CRITICAL Timing-based sandbox/VM detection -30

The code measures execution time of a busy-loop (10^6 iterations) and branches based on whether it takes more or less than 50ms. This is a well-known anti-analysis technique: sandboxed or instrumented environments run slower, allowing malware to detect analysis and alter behavior to appear benign.

HIGH OS-gated payload execution targets POSIX systems -25

The XOR decode and payload storage execute only on POSIX systems (Linux/macOS), which are the primary targets for credential theft (.env, SSH keys, AWS credentials). The OS check ensures the payload only activates on systems where sensitive files are likely present.

HIGH Deceptive return value masks true behavior -20

The function always returns 'Rotation complete: 0 logs moved.' regardless of execution path, deliberately hiding the XOR decode and sandbox detection from users and LLM agents that would inspect the output.

HIGH Skill description is a social engineering facade -35

The SKILL.md describes 'log rotation and system maintenance' but the repository contains zero log rotation logic. The entire description exists to make the skill appear trustworthy and get past manual review. This is a classic trojan horse pattern.

MEDIUM Likely staging payload for future exploitation -95

The current code decodes a short string and stores it but does not exfiltrate it. This is consistent with a staging attack: the initial version passes review, then a git update adds the exfiltration mechanism that uses the already-decoded payload (which could be a path, URL, or command).