How does it locate vulnerable software in my infrastructure?

It utilizes the assetquery CLI tool to scan configured providers like AWS, GitHub, and CrowdStrike for specific Package URLs (PURL) or Common Platform Enumerations (CPE).

What platforms does this skill support for escalation research?

The skill provides specialized techniques and research patterns for Linux/Unix (SUID, Sudo), Windows (Token impersonation, DLL hijacking), and Cloud/Container environments (IAM policy abuse, container escape).

Can it help with remediation strategy?

Absolutely. The skill follows an analysis workflow that concludes with prioritized mitigation recommendations based on the exposure, exploit availability, and potential impact on your specific environment.

Does this skill require external API access?

Yes, it integrates with the Mallory API for vulnerability intelligence and requires ambient environment variables for infrastructure providers (e.g., AWS_PROFILE, GITHUB_TOKEN) to perform asset discovery.

Vulnerability Escalation & Analysis

Name: Vulnerability Escalation & Analysis
Author: malloryai

bymalloryai

0•

安全与测试

Analyzes privilege escalation paths and maps vulnerability chains across infrastructure to identify and mitigate security risks.

This skill empowers security professionals and developers to identify, analyze, and mitigate complex security risks by mapping vulnerability chains from initial access to full compromise. It integrates the Mallory API for real-time vulnerability intelligence with asset discovery tools to pinpoint exactly where vulnerable software resides in your environment. By simulating and documenting escalation paths across Linux, Windows, and Cloud platforms, it provides actionable insights into defense-in-depth effectiveness and lateral movement opportunities, helping teams prioritize remediation based on actual exposure.

主要功能

01Infrastructure-wide vulnerability mapping via CPE and PURL lookups

02Prioritized mitigation recommendations based on deployment scope and exploitability

03Real-time integration with Mallory API for exploit and threat intelligence

040 GitHub stars

05Detailed attack chain documentation and lateral movement assessment

06Analysis of privilege escalation techniques for Linux, Windows, and Cloud environments

使用场景

01Identifying and patching vulnerable software across multi-cloud environments during incident response

02Mapping post-exploitation paths to evaluate the effectiveness of defense-in-depth controls

03Performing comprehensive security audits and penetration testing simulations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add malloryai/marketplace vulnerability-escalation

For use in Claude.ai and ChatGPT

Download Skill