Skip to content
ATR-2026-00126highSkill Compromiseexperimental

Skill Rug Pull Setup Pattern

Detects SKILL.md files architecturally designed for rug pulls: initially safe content that can be remotely updated to become malicious. Patterns include dynamic code loading from URLs (eval(fetch(...))), base64-decoded execution, post-install hooks with remote payloads, and obfuscated function constructors. True rug pull detection requires comparing hashes over time (TC verdict cache), but this rule catches the setup patterns that make rug pulls possible. Inspired by Claude Code leak analysis and npm supply chain attacks.

嚴重度
high
類別
Skill Compromise
掃描目標
skill
作者
ATR Community

建議回應

alertblock input

參考資料

OWASP Agentic
ASI04:2026 - Agentic Supply Chain Vulnerabilities
OWASP LLM
LLM05:2025 - Supply Chain Vulnerabilities
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions