Warning system for identifying potentially malicious software distribution repositories
npx skill4agent add aradotso/security-skills malware-analysis-warning
Skill by ara.so — Security Skills collection.
// NEVER execute code from untrusted sources
// Example: Detecting malicious repository patterns
package main
import (
"fmt"
"strings"
)
// RepoRiskAnalysis holds the repository metadata that AssessRisk inspects,
// together with the score that AssessRisk writes back.
type RepoRiskAnalysis struct {
	// Name is the repository name; AssessRisk matches it against the
	// crack/keygen and vendor-name keyword lists.
	Name string
	// Description is matched against the piracy keyword list.
	Description string
	// Topics is not read by AssessRisk.
	Topics []string
	// HasReadme records whether a README is present; false raises the score.
	HasReadme bool
	// RiskScore is written by AssessRisk. It is a triage signal built from
	// keyword and documentation heuristics, not a malware verdict.
	RiskScore int
}
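// AssessRisk scores the repository's metadata against four heuristics and
// returns a human-readable verdict.
//
// Weights: crack/keygen wording in the name (+50), piracy wording in the
// description (+40), a commercial security vendor's name in the repository
// name (+30), and a missing README (+20). A total of 80 or more is reported
// as "CRITICAL THREAT", 50 or more as "HIGH RISK"; below that only the score
// is returned, without the list of factors.
//
// The score is rebuilt from zero on every call and then stored in
// r.RiskScore. Accumulating into the field instead would let repeated calls
// on the same value inflate the score until a harmless repository crossed a
// threshold.
//
// Limits a consumer of the verdict should know: matching is by substring, so
// "loader" also fires on names such as "downloader"; the vendor check fires
// on the vendor name alone, without requiring any crack wording; and all
// inputs are publisher-controlled text that is trivial to reword. Use the
// result to prioritise review, not to clear or condemn a repository.
func (r *RepoRiskAnalysis) AssessRisk() string {
	var (
		score   int
		factors []string
	)

	// Crack/keygen wording in the repository name.
	if containsAny(r.Name, []string{"crack", "keygen", "loader", "activated"}) {
		score += 50
		factors = append(factors, "Crack/keygen terminology in name")
	}

	// Piracy wording in the description.
	if containsAny(r.Description, []string{"pre-activated", "license key", "full version"}) {
		score += 40
		factors = append(factors, "Piracy indicators in description")
	}

	// Commercial security product named in the repository name. containsAny
	// already lower-cases both sides, so no extra ToLower is needed here.
	if containsAny(r.Name, []string{"bitdefender", "norton", "kaspersky", "mcafee"}) {
		score += 30
		factors = append(factors, "Impersonating commercial security software")
	}

	// A missing README is treated as a weak indicator.
	if !r.HasReadme {
		score += 20
		factors = append(factors, "No README documentation")
	}

	r.RiskScore = score

	switch {
	case score >= 80:
		return fmt.Sprintf("CRITICAL THREAT (Score: %d)\nFactors:\n- %s",
			score, strings.Join(factors, "\n- "))
	case score >= 50:
		return fmt.Sprintf("HIGH RISK (Score: %d)\nFactors:\n- %s",
			score, strings.Join(factors, "\n- "))
	}
	return fmt.Sprintf("Risk Score: %d", score)
}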
// containsAny reports whether text contains at least one entry of keywords as
// a substring, comparing case-insensitively.
//
// Because the comparison is a plain substring test, a keyword also matches
// inside longer words ("loader" matches "downloader"), and an empty keyword
// matches any text. An empty or nil keyword list never matches.
func containsAny(text string, keywords []string) bool {
	haystack := strings.ToLower(text)
	found := false
	for i := 0; i < len(keywords) && !found; i++ {
		found = strings.Contains(haystack, strings.ToLower(keywords[i]))
	}
	return found
}

// GitHub repository scanner for malware patterns
package scanner
import (
	"context"
	"os"
	"strings"
)
// MalwareScanner carries the configuration used when scanning repositories.
type MalwareScanner struct {
	// ApiToken holds the value NewScanner reads from the GITHUB_TOKEN
	// environment variable. It is a credential: keep it out of logs and
	// error messages (printing the struct with %+v would include it).
	ApiToken string
}
// NewScanner returns a MalwareScanner whose ApiToken is taken from the
// GITHUB_TOKEN environment variable.
//
// os.Getenv yields an empty string when the variable is unset, so the token
// may be empty; callers should check it before making authenticated requests.
func NewScanner() *MalwareScanner {
	scanner := new(MalwareScanner)
	scanner.ApiToken = os.Getenv("GITHUB_TOKEN")
	return scanner
}
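// ScanRepository builds a ThreatReport for repoURL.
//
// Only one check is implemented: the URL text is compared, case-insensitively,
// against a short list of keywords that are common in the names of
// crack/keygen distribution repositories. Each keyword found adds one entry
// to report.Threats, and more than three entries raise Severity to
// "CRITICAL". The metadata, commit-history, file-type and signature checks
// are still placeholders, and neither ctx nor s.ApiToken is consulted yet.
//
// Callers must not read an empty Threats list as a clean verdict. Severity
// stays "UNKNOWN" for three or fewer entries, meaning the risk has not been
// established. Matching is by substring, so keywords such as "patch" or
// "loader" also occur in ordinary project names. The returned error is
// currently always nil.
func (s *MalwareScanner) ScanRepository(ctx context.Context, repoURL string) (*ThreatReport, error) {
	report := &ThreatReport{
		URL:      repoURL,
		Threats:  []string{},
		Severity: "UNKNOWN",
	}

	// Pattern matching for common malware repository traits.
	patterns := []string{
		"crack", "keygen", "loader", "activator",
		"pre-activated", "bypass", "patch",
	}

	// The URL is the only repository attribute available in this function,
	// so it is what the keywords are matched against. Leaving patterns
	// unused would also be rejected by the Go compiler.
	target := strings.ToLower(repoURL)
	for _, p := range patterns {
		if strings.Contains(target, p) {
			report.Threats = append(report.Threats, "keyword \""+p+"\" in repository URL")
		}
	}

	// TODO: check repository metadata.
	// TODO: check commit history for suspicious patterns.
	// TODO: analyze file types (executables without source).
	// TODO: verify against known malware signatures.

	if len(report.Threats) > 3 {
		report.Severity = "CRITICAL"
	}
	return report, nil
}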
// ThreatReport is the result returned by MalwareScanner.ScanRepository.
type ThreatReport struct {
	// URL is the repository URL that was passed to ScanRepository.
	URL string
	// Threats lists the findings. ScanRepository starts it as an empty,
	// non-nil slice; an empty list does not by itself mean the repository
	// is safe.
	Threats []string
	// Severity is "UNKNOWN" initially and "CRITICAL" once Threats has more
	// than three entries; ScanRepository assigns no other values.
	Severity string
}
# Official Bitdefender download (trials available)
# Visit: https://www.bitdefender.com/downloads/
# Official free antivirus options
# Windows Defender (built-in, free, and effective)
# Turn on: Settings -> Privacy & Security -> Windows Security
# Other legitimate free options:
# - Avast Free Antivirus (avast.com)
# - AVG AntiVirus Free (avg.com)
# - Kaspersky Free (kaspersky.com/free-antivirus)
# Report to GitHub
# https://github.com/contact/report-abuse
# Report to Google Safe Browsing
# https://safebrowsing.google.com/safebrowsing/report_badware/
# Report to Microsoft
# https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
# For automated scanning tools
# Settings read from the environment by automated scanning tools.
# The values below are placeholders: substitute real ones only in your local
# shell or a secrets manager, never in a committed file, and prefer a token
# with the narrowest scope the scan needs.
GITHUB_TOKEN="your_token_here"
VIRUSTOTAL_API_KEY="your_api_key_here"
MALWARE_DB_URL="https://your-malware-db.example.com"
export GITHUB_TOKEN VIRUSTOTAL_API_KEY MALWARE_DB_URL