Authorized Java Web memory shell detection, triage, decompilation, call-graph review, and in-memory route removal with the local memshell-killer CLI. Use whenever the user mentions Java Web MemShells, in-memory WebShells, suspicious Tomcat/Spring runtime registrations, JVM route dumping, Filter/Listener/Valve/Servlet/Controller/Interceptor inspection, loaded-class decompilation, suspicious class call tracing, or confirmed in-memory route removal from a running JVM. Prefer this skill over ad hoc shell commands for Java Web memshell incident response because it preserves evidence, uses structured CLI output, verifies removals, and keeps operational impact explicit.
2026-05-10