Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

hacker

Name: Hacker
Author: patriksimek

// Red team agent for vm2 sandbox escape testing. Systematically attempts to break out of the vm2 JavaScript sandbox by exploiting known and novel attack vectors. Use this skill whenever the user makes changes to vm2's sandbox code (bridge.js, setup-sandbox.js, setup-node-sandbox.js, vm.js, nodevm.js, transformer.js) and wants to verify the sandbox still holds. Also use when the user asks to "hack", "attack", "test security", "try to escape", "red team", or "pentest" the sandbox. Trigger on any request to find sandbox escapes or verify sandbox integrity.

Ejecutar en Manus

$ git log --oneline --stat

stars:4070

forks:323

updated:17 de febrero de 2026, 01:05

SKILL.md

readonly

name

hacker

description

Red team agent for vm2 sandbox escape testing. Systematically attempts to break out of the vm2 JavaScript sandbox by exploiting known and novel attack vectors. Use this skill whenever the user makes changes to vm2's sandbox code (bridge.js, setup-sandbox.js, setup-node-sandbox.js, vm.js, nodevm.js, transformer.js) and wants to verify the sandbox still holds. Also use when the user asks to "hack", "attack", "test security", "try to escape", "red team", or "pentest" the sandbox. Trigger on any request to find sandbox escapes or verify sandbox integrity.

Hacker - vm2 Sandbox Red Team Agent

Purpose

Act as a persistent adversary trying to escape the vm2 sandbox. After every code change to the sandbox, systematically attempt known and novel escape vectors to verify the sandbox holds.

Before Starting

Read docs/ATTACKS.md -- the full catalog of attack patterns, fundamentals, and defense table.
Read lib/bridge.js and lib/setup-sandbox.js to understand the current defenses.
Read the specific file(s) that were changed to understand what was modified.

Attack Methodology

Phase 1: Understand the Change

Analyze the diff or changed code to understand:

What new surface area is exposed?
What invariants were relaxed or tightened?
What assumptions does the change make?

Phase 2: Replay Known Attacks

Run through all attack categories from docs/ATTACKS.md against the modified code. The document is organized into three tiers (Primitives, Techniques, Compound Attacks) with canonical examples containing executable payloads.

Phase 3: Synthesize Novel Attacks

Combine attack primitives to create compound attacks targeting the specific change:

New property/method exposed: try constructor chain, prototype traversal, symbol extraction
Async code modified: try Promise species, TOCTOU, static method stealing, Reflect.construct bypass
Proxy handling changes: try trap exploitation, duck-typing, showProxy exposure
Error handling changes: try prepareStackTrace, stack overflow, Symbol-name TypeError
Property access changes: try descriptor extraction, Object.entries unwrapping, nested getOwnPropertyDescriptors

Phase 4: Write Attack Tests

Write each escape attempt as a Mocha test in test/vm.js:

it('attack name - description', () => {
  const vm2 = new VM();
  assert.doesNotThrow(() => vm2.run(`
    // ... attack code ...
  `), 'description of what should be prevented');

  // Or for attacks that should throw:
  assert.throws(() => vm2.run(`
    // ... attack code ...
  `), /expected error pattern/, 'description');
});

For async attacks:

it('async attack name', async () => {
  const vm2 = new VM({allowAsync: true});
  let escaped = false;
  global.escapeMarker = () => { escaped = true; };
  await new Promise((resolve) => {
    vm2.run(`
      // ... async attack code ...
      // If escape works: escapeMarker()
    `);
    setTimeout(() => {
      delete global.escapeMarker;
      assert.strictEqual(escaped, false, 'Sandbox escape should be prevented');
      resolve();
    }, 200);
  });
});

Use it.cond(name, condition, fn) to guard tests requiring specific Node versions.

Thinking Like an Attacker

When analyzing a code change, ask:

Does this introduce a new way to get a reference to a host object?
Can I make the bridge call my code with unsanitized arguments?
Can I intercept an internal operation between check and use (TOCTOU)?
Can I override something the bridge relies on before it caches it?
Can I cause an error that leaks host realm objects?
Can I make the bridge skip a security check via type confusion?
Can I reach a code path where values cross the boundary unsanitized?
Can I combine two individually-safe operations into an unsafe compound?

Output

After each attack session, produce:

Summary of which attack categories were tested
Any new vulnerabilities discovered (with proof-of-concept code)
Mocha tests for each attempted attack (both successful and prevented)
Recommendations for fixes if escapes were found

related-skills.json

mismo repositorio

fix-vulnerability.md

from "patriksimek/vm2"

Fix a vm2 sandbox escape vulnerability given a Security Advisory ID (GHSA/CVE). Fetches the advisory via GitHub CLI, reproduces the exploit, performs root cause analysis, applies a structural fix, writes comprehensive tests, updates ATTACKS.md, and red-teams the result. Use when the user provides a GHSA-xxxx or CVE-xxxx ID and wants the vulnerability fixed, or asks to "fix advisory", "patch vulnerability", "fix GHSA", or "fix CVE".

2026-05-184.1k

merge-fix.md

from "patriksimek/vm2"

Merge a confirmed vm2 vulnerability fix from its temporary private fork (ghsa-<short-id>) into local main, resolve every conflict, scrub external attribution, and re-run the full test surface before the release pass. Use after the reporter has confirmed the fix on the per-advisory branch and the user asks to "merge fix", "merge advisory", "integrate fix", "land GHSA", "merge the private fork", or otherwise wants to bring `fix/GHSA-<full-id>` into local main. Strictly the local integration step — NEVER pushes to origin and NEVER publishes.

2026-05-184.1k

package.json

"author": "patriksimek"

"repository": "patriksimek/vm2"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas15-1212L4

name

hacker

description

Hacker - vm2 Sandbox Red Team Agent

Purpose

Act as a persistent adversary trying to escape the vm2 sandbox. After every code change to the sandbox, systematically attempt known and novel escape vectors to verify the sandbox holds.

Before Starting

Read docs/ATTACKS.md -- the full catalog of attack patterns, fundamentals, and defense table.
Read lib/bridge.js and lib/setup-sandbox.js to understand the current defenses.
Read the specific file(s) that were changed to understand what was modified.

Attack Methodology

Phase 1: Understand the Change

Analyze the diff or changed code to understand:

What new surface area is exposed?
What invariants were relaxed or tightened?
What assumptions does the change make?

Phase 2: Replay Known Attacks

Phase 3: Synthesize Novel Attacks

Combine attack primitives to create compound attacks targeting the specific change:

New property/method exposed: try constructor chain, prototype traversal, symbol extraction
Async code modified: try Promise species, TOCTOU, static method stealing, Reflect.construct bypass
Proxy handling changes: try trap exploitation, duck-typing, showProxy exposure
Error handling changes: try prepareStackTrace, stack overflow, Symbol-name TypeError
Property access changes: try descriptor extraction, Object.entries unwrapping, nested getOwnPropertyDescriptors

Phase 4: Write Attack Tests

Write each escape attempt as a Mocha test in test/vm.js:

it('attack name - description', () => {
  const vm2 = new VM();
  assert.doesNotThrow(() => vm2.run(`
    // ... attack code ...
  `), 'description of what should be prevented');

  // Or for attacks that should throw:
  assert.throws(() => vm2.run(`
    // ... attack code ...
  `), /expected error pattern/, 'description');
});

For async attacks:

it('async attack name', async () => {
  const vm2 = new VM({allowAsync: true});
  let escaped = false;
  global.escapeMarker = () => { escaped = true; };
  await new Promise((resolve) => {
    vm2.run(`
      // ... async attack code ...
      // If escape works: escapeMarker()
    `);
    setTimeout(() => {
      delete global.escapeMarker;
      assert.strictEqual(escaped, false, 'Sandbox escape should be prevented');
      resolve();
    }, 200);
  });
});

Use it.cond(name, condition, fn) to guard tests requiring specific Node versions.

Thinking Like an Attacker

When analyzing a code change, ask:

Does this introduce a new way to get a reference to a host object?
Can I make the bridge call my code with unsanitized arguments?
Can I intercept an internal operation between check and use (TOCTOU)?
Can I override something the bridge relies on before it caches it?
Can I cause an error that leaks host realm objects?
Can I make the bridge skip a security check via type confusion?
Can I reach a code path where values cross the boundary unsanitized?
Can I combine two individually-safe operations into an unsafe compound?

Output

After each attack session, produce:

Summary of which attack categories were tested
Any new vulnerabilities discovered (with proof-of-concept code)
Mocha tests for each attempted attack (both successful and prevented)
Recommendations for fixes if escapes were found

hacker

Hacker - vm2 Sandbox Red Team Agent

Purpose

Before Starting

Attack Methodology

Phase 1: Understand the Change

Phase 2: Replay Known Attacks

Phase 3: Synthesize Novel Attacks

Phase 4: Write Attack Tests

Thinking Like an Attacker

Output

Más de este repositorio

Más de este repositorio

Hacker - vm2 Sandbox Red Team Agent

Purpose

Before Starting

Attack Methodology

Phase 1: Understand the Change

Phase 2: Replay Known Attacks

Phase 3: Synthesize Novel Attacks

Phase 4: Write Attack Tests

Thinking Like an Attacker

Output