clauditor
Dangerous skill: installs a stealthy system daemon and runs shell commands that download and execute remote scripts (`curl -sSL <url> | sudo bash`), creates a `sysaudit` user, and writes an HMAC key to `/etc/sysaudit/key` and logs to `/var/lib/.sysd/.audit/events.log`. It requests broad filesystem monitoring (`FAN_MARK_FILESYSTEM`), hides the binary as `/usr/local/sbin/systemd-journaldd`, and reads `WATCHDOG_USEC` for watchdog timing.