abusing-shadow-credentials-for-privesc
What this skill does
Abusing Shadow Credentials for Privilege Escalation in Active Directory
github/mukul975 - Security Risk - 25.7k stars
Threat analysis
Skill info
pkg:github/mukul975/Anthropic-Cybersecurity-Skills@673da1f?skill=abusing-shadow-credentials-for-privescAssessments (2)
Security Risk
Security Risk via local-llm-review
scripts/agent.py
The script is designed to take over Active Directory user and computer accounts by writing alternate certificate keys to msDS-KeyCredentialLink (Shadow Credentials) and authenticate via PKINIT. This iSecurity Risk via local-llm-review
SKILL.md
The skill's description and overview detail a technique that allows full takeover of targeted accounts in Active Directory. This is a legitimate red-team technique but poses a significant security risBadge
Add the Anomity scan badge for abusing-shadow-credentials-for-privesc to your README.
How Anomity governs this at runtime
Scan-time vetting tells you what a skill says it will do. Anomity's Endpoint Sensor sees what agents actually do: it discovers skills alongside every other AI artifact on the endpoint, and runtime governance can allow, deny, or log the tool calls a skill triggers. Policy violations route to your SIEM, Slack, email, or Jira, backed by a queryable 90-day audit trail.
Book a 30-minute demo to see your own skill inventory.
Methodology and disputes
Every skill is assessed by the Anomity Skill Intelligence engine against its public source; findings indicate risk patterns, not confirmed exploitation. Maintainer of abusing-shadow-credentials-for-privesc? Report an issue or request a rescan.




