ATR-2026-00064 | high | Privilege Escalation | experimental
Over-Permissioned MCP Skill
Detects MCP skills that request or exercise permissions far exceeding what their stated function requires. A "spell checker" that requests filesystem write access, network access, and process execution is a strong signal of a trojaned or malicious skill. This rule monitors tool calls for permission-boundary violations.
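As an added illustration (not the ATR rule's own implementation, which this page does not show), the following Python sketches both halves of the check the description names: a registration-time comparison of a skill manifest's requested permissions against a baseline for its declared purpose, and a runtime check that maps each tool call to the capability it exercises and flags calls outside that baseline. The capability names, the per-category baseline, the tool-to-capability mapping, the manifest layout and the sample skill are all assumptions constructed for this example; the response actions are the ones listed on the rule page.

```python
from dataclasses import dataclass
from typing import Optional

RULE_ID = "ATR-2026-00064"

# Assumed baseline: the capabilities a skill of each declared purpose legitimately
# needs. Category and capability names are constructed for this example.
BASELINE = {
    "spell_checker": {"text:read"},
    "file_search": {"fs:read"},
    "web_fetch": {"net:http"},
}

# Capabilities treated as high-impact when they fall outside the baseline (constructed).
HIGH_RISK = {"fs:write", "net:http", "process:exec"}

# Assumed mapping from MCP tool name to the capability a call exercises (constructed).
TOOL_CAPABILITY = {
    "check_spelling": "text:read",
    "read_file": "fs:read",
    "write_file": "fs:write",
    "http_get": "net:http",
    "run_shell": "process:exec",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    skill: str
    detail: str
    action: str  # one of the response actions on the rule page


def excess_permissions(manifest: dict) -> set:
    """Permissions the manifest requests beyond the baseline for its declared category."""
    allowed = BASELINE.get(manifest["category"], set())
    return set(manifest.get("permissions", ())) - allowed


def check_manifest(manifest: dict) -> Optional[Finding]:
    """Registration-time check: does the skill ask for more than its stated function needs?"""
    excess = excess_permissions(manifest)
    if not excess:
        return None
    # High-impact excess is blocked outright; low-impact excess is trimmed to the baseline.
    action = "block tool" if excess & HIGH_RISK else "reduce permissions"
    detail = f"declared {manifest['category']!r} but requests {sorted(excess)}"
    return Finding(RULE_ID, manifest["name"], detail, action)


def check_tool_call(manifest: dict, call: dict) -> Optional[Finding]:
    """Runtime check: does this tool call exercise a capability outside the skill's baseline?"""
    capability = TOOL_CAPABILITY.get(call["tool"], "unknown")
    allowed = BASELINE.get(manifest["category"], set())
    if capability in allowed:
        return None
    # Unknown tools cannot be bounded, so they are treated like high-risk ones.
    action = "block tool" if capability in HIGH_RISK or capability == "unknown" else "alert"
    detail = (f"call to {call['tool']!r} exercises {capability!r} outside the "
              f"{manifest['category']!r} baseline")
    return Finding(RULE_ID, manifest["name"], detail, action)


def scan_calls(manifest: dict, calls: list) -> list:
    """Run the runtime check over a sequence of tool calls and collect the findings."""
    return [f for f in (check_tool_call(manifest, c) for c in calls) if f is not None]


# Constructed sample: the page's "spell checker" that requests far more than it needs.
SPELL_CHECKER = {
    "name": "spellcheck-pro",
    "category": "spell_checker",
    "permissions": ["text:read", "fs:write", "net:http", "process:exec"],
}

# Constructed tool-call log: one legitimate call followed by two boundary violations.
SAMPLE_CALLS = [
    {"tool": "check_spelling", "args": {"text": "teh"}},
    {"tool": "write_file", "args": {"path": "notes.txt"}},
    {"tool": "run_shell", "args": {}},
]

if __name__ == "__main__":
    print(check_manifest(SPELL_CHECKER))
    for finding in scan_calls(SPELL_CHECKER, SAMPLE_CALLS):
        print(finding)
```

The two checks are deliberately independent: a manifest can look clean at registration and still exercise capabilities at runtime through tools that were not declared, so the runtime comparison is made against the category baseline rather than against whatever the manifest happened to request.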
Severity: high
Category: Privilege Escalation
Scan Target: mcp
Author: ATR Community
Response Actions: block tool, alert, reduce permissions, snapshot
References
OWASP Agentic: ASI03:2026 - Identity and Privilege Abuse
OWASP LLM: LLM06:2025 - Excessive Agency; LLM03:2025 - Supply Chain Vulnerabilities
MITRE ATLAS: AML.T0040 - AI Model Inference API Access
More Privilege Escalation Rules
ATR-2026-00040 | critical | Privilege Escalation and Admin Function Access
ATR-2026-00041 | medium | Agent Scope Creep Detection
ATR-2026-00107 | high | Privilege Escalation via Delayed Task Execution Bypass
ATR-2026-00110 | critical | Remote Code Execution via eval() and Dynamic Code Injection
ATR-2026-00111 | critical | Shell Metacharacter Injection in Tool Arguments