ATR-2026-00121 | critical | Skill Compromise | experimental
Malicious Code in Skill Package
Detects malicious code patterns in SKILL.md files and associated scripts. 100% of confirmed malicious skills contain malicious code patterns (Snyk ToxicSkills, Feb 2026). Real campaigns: ClawHavoc delivered AMOS infostealer via base64-obfuscated payloads; threat actor "zaycv" published 40+ skills with automated malware generation; password-protected ZIP evasion bypasses static analysis. CVE-2026-25253 (CVSS 8.8): OpenClaw RCE via auth token exfiltration affecting 40,000+ instances.
Severity
critical
Category
Skill Compromise
Scan target
skill
Author
ATR Community
Recommended response
block tool, alert, quarantine session
References
OWASP Agentic
ASI04:2026 - Supply Chain Compromise
ASI05:2026 - Unexpected Code Execution
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities