ATR-2026-00121 | critical | Skill Compromise | experimental

Malicious Code in Skill Package

Detects malicious code patterns in SKILL.md files and associated scripts. 100% of confirmed malicious skills contain malicious code patterns (Snyk ToxicSkills, Feb 2026). Real campaigns: ClawHavoc delivered AMOS infostealer via base64-obfuscated payloads; threat actor "zaycv" published 40+ skills with automated malware generation; password-protected ZIP evasion bypasses static analysis. CVE-2026-25253 (CVSS 8.8): OpenClaw RCE via auth token exfiltration affecting 40,000+ instances.

Severity
critical
Category
Skill Compromise
Scan Target
skill
Author
ATR Community

Response Actions

block tool, alert, quarantine session

References

OWASP Agentic
ASI04:2026 - Supply Chain Compromise
ASI05:2026 - Unexpected Code Execution
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities