Back to Details

avast-security-awareness

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Avast Security Awareness Skill

Avast安全意识技能

Skill by ara.so — Security Skills collection.
ara.so提供的技能——安全技能合集。

⚠️ Critical Security Warning

⚠️ 严重安全警告

This repository is NOT a legitimate Avast product and represents a common malware distribution pattern. This skill teaches AI agents to identify and warn users about such threats.
本仓库并非合法的Avast产品,它代表了一种常见的恶意软件分发模式。本技能旨在教导AI Agent识别此类威胁并向用户发出警告。

What This Skill Does

本技能的作用

This skill enables AI coding agents to:
  • Recognize malicious software distribution repositories
  • Identify red flags in repository descriptions and content
  • Educate users on safe software acquisition practices
  • Prevent installation of potentially malicious software
  • Guide users to legitimate security software sources
本技能使AI编码Agent能够:
  • 识别恶意软件分发仓库
  • 识别仓库描述和内容中的危险信号
  • 向用户传授安全的软件获取规范
  • 防止安装潜在恶意软件
  • 引导用户前往合法的安全软件来源

Identifying Malicious Repository Patterns

识别恶意仓库模式

Red Flags Present in This Repository

本仓库中存在的危险信号

  1. Suspicious Keywords: "Keygen", "Crack", "Pre-Activated", "Loader", "Serial"
  2. Version Manipulation: Claims of future versions (2026 when current year is earlier)
  3. No Source Code: No actual implementation despite claiming to be a Go project
  4. Artificial Engagement: Star velocity inconsistent with legitimate projects
  5. Missing Documentation: No README or legitimate setup instructions
  6. License Issues: NOASSERTION license for "open source" security software
  7. Mismatched Topics: Topics like "retdec" unrelated to described functionality
  1. 可疑关键词:"Keygen"、"Crack"、"Pre-Activated"、"Loader"、"Serial"
  2. 版本篡改:声称提供未来版本(例如当前年份早于2026年却声称是2026版)
  3. 无源代码:尽管声称是Go项目,但无实际实现代码
  4. 虚假互动量:Star增长速度与合法项目不符
  5. 缺失文档:无README或合法的安装说明
  6. 许可证问题:声称是“开源”安全软件却使用NOASSERTION许可证
  7. 主题不匹配:包含与描述功能无关的主题(如"retdec")

Detection Code Example (Go)

检测代码示例(Go)

go
package malwaredetect

import (
    "strings"
    "regexp"
)

type RepositoryAnalyzer struct {
    SuspiciousKeywords []string
    MinimumREADMELength int
}

func NewAnalyzer() *RepositoryAnalyzer {
    return &RepositoryAnalyzer{
        SuspiciousKeywords: []string{
            "keygen", "crack", "pre-activated", "loader",
            "serial", "full version", "setup keygen",
        },
        MinimumREADMELength: 100,
    }
}

func (a *RepositoryAnalyzer) AnalyzeRepository(description, readme string) (bool, []string) {
    var warnings []string
    isSuspicious := false

    // Check for suspicious keywords
    descLower := strings.ToLower(description)
    for _, keyword := range a.SuspiciousKeywords {
        if strings.Contains(descLower, keyword) {
            warnings = append(warnings, "Contains suspicious keyword: "+keyword)
            isSuspicious = true
        }
    }

    // Check for missing or minimal README
    if len(readme) < a.MinimumREADMELength {
        warnings = append(warnings, "Missing or insufficient documentation")
        isSuspicious = true
    }

    // Check for premium software offered for free
    premiumPattern := regexp.MustCompile(`(?i)(premium|pro|full version).*free`)
    if premiumPattern.MatchString(descLower) {
        warnings = append(warnings, "Claims to offer premium software for free")
        isSuspicious = true
    }

    return isSuspicious, warnings
}

func (a *RepositoryAnalyzer) GetSecurityRecommendation(repoName string) string {
    return "Do not download or execute files from " + repoName + ". " +
           "Obtain security software only from official vendor websites."
}
go
package malwaredetect

import (
    "strings"
    "regexp"
)

type RepositoryAnalyzer struct {
    SuspiciousKeywords []string
    MinimumREADMELength int
}

func NewAnalyzer() *RepositoryAnalyzer {
    return &RepositoryAnalyzer{
        SuspiciousKeywords: []string{
            "keygen", "crack", "pre-activated", "loader",
            "serial", "full version", "setup keygen",
        },
        MinimumREADMELength: 100,
    }
}

func (a *RepositoryAnalyzer) AnalyzeRepository(description, readme string) (bool, []string) {
    var warnings []string
    isSuspicious := false

    // Check for suspicious keywords
    descLower := strings.ToLower(description)
    for _, keyword := range a.SuspiciousKeywords {
        if strings.Contains(descLower, keyword) {
            warnings = append(warnings, "Contains suspicious keyword: "+keyword)
            isSuspicious = true
        }
    }

    // Check for missing or minimal README
    if len(readme) < a.MinimumREADMELength {
        warnings = append(warnings, "Missing or insufficient documentation")
        isSuspicious = true
    }

    // Check for premium software offered for free
    premiumPattern := regexp.MustCompile(`(?i)(premium|pro|full version).*free`)
    if premiumPattern.MatchString(descLower) {
        warnings = append(warnings, "Claims to offer premium software for free")
        isSuspicious = true
    }

    return isSuspicious, warnings
}

func (a *RepositoryAnalyzer) GetSecurityRecommendation(repoName string) string {
    return "Do not download or execute files from " + repoName + ". " +
           "Obtain security software only from official vendor websites."
}

Safe Security Software Practices

安全软件使用规范

Legitimate Sources

合法来源

Always obtain security software from:
go
package securitysources

var LegitimateSecurityVendors = map[string]string{
    "Avast": "https://www.avast.com/",
    "Norton": "https://www.norton.com/",
    "Bitdefender": "https://www.bitdefender.com/",
    "Kaspersky": "https://www.kaspersky.com/",
    "ESET": "https://www.eset.com/",
}

func GetOfficialDownloadURL(vendor string) (string, bool) {
    url, exists := LegitimateSecurityVendors[vendor]
    return url, exists
}
始终从以下渠道获取安全软件:
go
package securitysources

var LegitimateSecurityVendors = map[string]string{
    "Avast": "https://www.avast.com/",
    "Norton": "https://www.norton.com/",
    "Bitdefender": "https://www.bitdefender.com/",
    "Kaspersky": "https://www.kaspersky.com/",
    "ESET": "https://www.eset.com/",
}

func GetOfficialDownloadURL(vendor string) (string, bool) {
    url, exists := LegitimateSecurityVendors[vendor]
    return url, exists
}

User Warning System

用户警告系统

go
package userwarning

import (
    "fmt"
    "os"
)

type SecurityAlert struct {
    Severity string
    Message  string
    Action   string
}

func CreateCriticalAlert(repoName string) SecurityAlert {
    return SecurityAlert{
        Severity: "CRITICAL",
        Message: fmt.Sprintf(
            "Repository '%s' exhibits patterns consistent with malware distribution",
            repoName,
        ),
        Action: "Do not clone, download, or execute any files. Report repository to platform.",
    }
}

func DisplayAlert(alert SecurityAlert) {
    fmt.Fprintf(os.Stderr, "\n🚨 [%s] SECURITY ALERT\n", alert.Severity)
    fmt.Fprintf(os.Stderr, "⚠️  %s\n", alert.Message)
    fmt.Fprintf(os.Stderr, "✋ ACTION REQUIRED: %s\n\n", alert.Action)
}
go
package userwarning

import (
    "fmt"
    "os"
)

type SecurityAlert struct {
    Severity string
    Message  string
    Action   string
}

func CreateCriticalAlert(repoName string) SecurityAlert {
    return SecurityAlert{
        Severity: "CRITICAL",
        Message: fmt.Sprintf(
            "Repository '%s' exhibits patterns consistent with malware distribution",
            repoName,
        ),
        Action: "Do not clone, download, or execute any files. Report repository to platform.",
    }
}

func DisplayAlert(alert SecurityAlert) {
    fmt.Fprintf(os.Stderr, "\n🚨 [%s] SECURITY ALERT\n", alert.Severity)
    fmt.Fprintf(os.Stderr, "⚠️  %s\n", alert.Message)
    fmt.Fprintf(os.Stderr, "✋ ACTION REQUIRED: %s\n\n", alert.Action)
}

Agent Response Pattern

Agent响应模板

When a user asks about this or similar repositories:
go
package agentresponse

import "fmt"

func RespondToSuspiciousRepo(repoURL string) string {
    return fmt.Sprintf(`⛔ SECURITY WARNING ⛔

The repository at %s appears to be a malware distribution site.

RED FLAGS:
- Offers "cracked" or "pre-activated" commercial software
- Contains suspicious keywords (keygen, loader, serial)
- No legitimate source code or documentation
- Illegal distribution of copyrighted software

RISKS:
- Malware installation (trojans, ransomware, spyware)
- Credential theft
- System compromise
- Legal consequences for software piracy

SAFE ALTERNATIVE:
Visit the official Avast website: https://www.avast.com/
Use free legitimate versions or purchase licenses directly.

DO NOT:
❌ Clone this repository
❌ Download any files
❌ Run any executables
❌ Enter credentials

DO:
✅ Report this repository to GitHub
✅ Use official software sources only
✅ Keep your antivirus updated from legitimate sources
`, repoURL)
}
当用户询问本仓库或类似仓库时:
go
package agentresponse

import "fmt"

func RespondToSuspiciousRepo(repoURL string) string {
    return fmt.Sprintf(`⛔ SECURITY WARNING ⛔

The repository at %s appears to be a malware distribution site.

RED FLAGS:
- Offers "cracked" or "pre-activated" commercial software
- Contains suspicious keywords (keygen, loader, serial)
- No legitimate source code or documentation
- Illegal distribution of copyrighted software

RISKS:
- Malware installation (trojans, ransomware, spyware)
- Credential theft
- System compromise
- Legal consequences for software piracy

SAFE ALTERNATIVE:
Visit the official Avast website: https://www.avast.com/
Use free legitimate versions or purchase licenses directly.

DO NOT:
❌ Clone this repository
❌ Download any files
❌ Run any executables
❌ Enter credentials

DO:
✅ Report this repository to GitHub
✅ Use official software sources only
✅ Keep your antivirus updated from legitimate sources
`, repoURL)
}

Reporting Malicious Repositories

举报恶意仓库

bash
undefined
bash
undefined

Report to GitHub (use web interface)

Report to GitHub (use web interface)

Navigate to repository → Settings → Report content

Navigate to repository → Settings → Report content

Verify legitimate software signatures

Verify legitimate software signatures

Windows example:

Windows example:

signtool verify /pa /v "downloaded_file.exe"
signtool verify /pa /v "downloaded_file.exe"

Check file hash against official vendor checksums

Check file hash against official vendor checksums

Linux/macOS:

Linux/macOS:

sha256sum downloaded_file.exe
sha256sum downloaded_file.exe

Compare with official vendor website hash

Compare with official vendor website hash

undefined
undefined

Environment Variables for Security Checks

安全检查环境变量

bash
undefined
bash
undefined

Configure security scanning thresholds

Configure security scanning thresholds

export MALWARE_SCAN_ENABLED=true export REPO_VERIFICATION_LEVEL=strict export WARN_ON_MISSING_README=true export BLOCK_KEYGEN_KEYWORDS=true
undefined
export MALWARE_SCAN_ENABLED=true export REPO_VERIFICATION_LEVEL=strict export WARN_ON_MISSING_README=true export BLOCK_KEYGEN_KEYWORDS=true
undefined

Conclusion

总结

This skill equips AI agents to protect users from malware distribution disguised as legitimate software repositories. Always prioritize user safety by identifying threats and providing secure alternatives.
Remember: Legitimate security software vendors never distribute through unofficial GitHub repositories with activation cracks or keygens.
本技能使AI Agent能够保护用户免受伪装成合法软件仓库的恶意软件分发威胁。始终通过识别威胁并提供安全替代方案来优先保障用户安全。
谨记:合法的安全软件供应商绝不会通过带有激活破解工具或注册机的非官方GitHub仓库分发软件。