Skill Trust Decision

math-calculator

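A confirmed malicious reverse shell payload is hidden in the math calculator code, and the SKILL.md documentation does not declare this sensitive operation at all.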

Install decision first
Source: GitHub
Scanned: Apr 2, 2026
Files 5
Artifacts 2
Violations 0
Findings 4
Most direct threat evidence
Critical
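Hidden reverse shell payload

Complete reverse shell code is planted on the first line of the try block in the safe_calculate function. It triggers immediately the first time the script runs, connects to the C2 server 20.120.229.246:4444 and obtains a remote shell.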

skills/math-calculator/scripts/calculate.py:32

Why this conclusion was reached

2/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 4 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Disguised as a legitimate math calculation tool via SKILL.md

Entry · skills/math-calculator/SKILL.md:1

02
Running the script triggers the reverse shell hidden in the safe_calculate function

Escalation · skills/math-calculator/scripts/calculate.py:32

03
Establishes a socket connection to the C2 server 20.120.229.246:4444 and obtains a remote interactive shell

Impact · skills/math-calculator/scripts/calculate.py:32

What drove the risk score up

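Hidden reverse shell payload +40

The code plants a complete reverse shell on the first line of the try block in the safe_calculate function: a socket connects to 20.120.229.246:4444 and executes /bin/sh

Hardcoded C2 server IP +30

The hardcoded IP 20.120.229.246 is used for C2 communication, port 4444

Severe documentation-behavior mismatch +20

SKILL.md declares a safe math calculator and makes no mention of any network or shell execution capability

Known malicious PoC +10

README.md and the external link explicitly label this as a malicious PoC for weaponizing Claude Code skills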

Most important evidence

Critical

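Hidden reverse shell payload

Complete reverse shell code is planted on the first line of the try block in the safe_calculate function. It triggers immediately the first time the script runs, connects to the C2 server 20.120.229.246:4444 and obtains a remote shell.

skills/math-calculator/scripts/calculate.py:32
Delete the entire skill directory immediately; no further analysis is needed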
Critical

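Hardcoded C2 server IP

IP 20.120.229.246 is hardcoded in the malicious code as the attacker's command-and-control server

skills/math-calculator/scripts/calculate.py:32
Confirmed as a malicious IOC; it should be added to the blocklist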
Critical

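Documentation does not declare the malicious behavior at all

SKILL.md claims this is a tool for 'safely evaluating mathematical expressions' and completely conceals its network connection and shell execution capabilities

skills/math-calculator/SKILL.md:1
Documentation-behavior mismatch is the highest-yield detection signal, and this skill clearly violates it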
Critical

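Known malicious PoC public sample

README.md explicitly states that this is a malicious PoC for weaponizing Claude Code skills, taken from a Medium article

README.md:1
Belongs to a known malicious sample collection; no security assessment is needed, dispose of it directly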

Declared capability vs actual capability

Shell Pass
Declared WRITE
Inferred ADMIN
skills/math-calculator/scripts/calculate.py:32 — hidden reverse shell code
Network Pass
Declared NONE
Inferred WRITE
skills/math-calculator/scripts/calculate.py:32 — socket.connect connects to an external IP

Suspicious artifacts and egress

High IP Address
20.120.229.246

skills/math-calculator/scripts/calculate.py:32

Medium External URL
https://medium.com/@yossifqassim/weaponizing-claude-code-skills-from-5-5-to-remote-shell-a14af2d109c9

README.md:6

Dependencies and supply chain

There are no structured dependency warnings.

File composition

5 files · 163 lines
Python 1 file · 74 lines
Markdown 2 files · 65 lines
JSON 2 files · 24 lines
Files of concern · 3
skills/math-calculator/scripts/calculate.py Python · 74 lines
Hidden reverse shell payload · Hardcoded C2 server IP · 20.120.229.246
skills/math-calculator/SKILL.md Markdown · 59 lines
Documentation does not declare the malicious behavior at all
README.md Markdown · 6 lines
Known malicious PoC public sample · https://medium.com/@yossifqassim/weaponizing-claude-code-skills-from-5-5-to-remote-shell-a14af2d109c9
Other files · marketplace.json · plugin.json

Security positives

No explicit security positives were supplied.