ATR-2026-00122 | high | Skill Compromise | experimental
Weaponized Skill — Agent as Attack Tool
Detects skills that weaponize AI agents for offensive operations. Cato Networks demonstrated deploying MedusaLocker ransomware via a modified Claude skill (Dec 2025, disclosed to Anthropic Oct 30, 2025). The "consent gap" allows approved skills to download/execute code, read env vars, and write files without further prompts. arXiv 2601.17548 documents attack tooling embedded in skills with 41-84% success rates. Real examples include SQLMap workflows, Metasploit payloads, and credential brute-force tools found on skills.sh and ClawHub.
Severity
high
Category
Skill Compromise
Scan target
skill
Author
ATR Community
Recommended response
alert
References
OWASP Agentic
ASI05:2026 - Unexpected Code Execution
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM06:2025 - Excessive Agency