ATR-2026-00126highSkill Compromiseexperimental

Skill Rug Pull Setup Pattern

Detects SKILL.md files architecturally designed for rug pulls: initially safe content that can be remotely updated to become malicious. Patterns include dynamic code loading from URLs (eval(fetch(...))), base64-decoded execution, post-install hooks with remote payloads, and obfuscated function constructors. True rug pull detection requires comparing hashes over time (TC verdict cache), but this rule catches the setup patterns that make rug pulls possible. Inspired by Claude Code leak analysis and npm supply chain attacks.

Severity

high

Response Actions

alertblock input

References

OWASP Agentic

ASI04:2026 - Agentic Supply Chain Vulnerabilities

OWASP LLM

LLM05:2025 - Supply Chain Vulnerabilities

View full YAML on GitHub →

More Skill Compromise Rules

ATR-2026-00060highMCP Skill Impersonation and Supply Chain Attack ATR-2026-00120criticalSKILL.md Prompt Injection ATR-2026-00121criticalMalicious Code in Skill Package ATR-2026-00122highWeaponized Skill — Agent as Attack Tool ATR-2026-00123highOver-Privileged Skill — Excessive Permissions