Villain is a high-level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Sooner or later, it will get caught. The auto-obfuscate function is there to assist you, not to do the job for you. Also, the obfuscated payload variations are random; it's possible that some of the generated payloads are detectable. I made a video yesterday about manually obfuscating PowerShell, you can get some ideas of what to do to bypass AMSI -> https://www.youtube.com/watch?v=iElVfagdCD4