Documentation
¶
Overview ¶
Package skill_injection implements attacks targeting agent skill/plugin marketplaces and loading mechanisms.
Agent frameworks like OpenClaw allow loading external skills that inherit system-wide permissions. These attacks exploit marketplace trust and skill loading for persistent compromise.
Index ¶
- type SkillPoisoningModule
- func (m *SkillPoisoningModule) Category() common.AttackCategory
- func (m *SkillPoisoningModule) Description() string
- func (m *SkillPoisoningModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *SkillPoisoningModule) Name() string
- func (m *SkillPoisoningModule) Techniques() []common.TechniqueInfo
- type SkillTakeoverChainModule
- func (m *SkillTakeoverChainModule) Category() common.AttackCategory
- func (m *SkillTakeoverChainModule) Description() string
- func (m *SkillTakeoverChainModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *SkillTakeoverChainModule) Name() string
- func (m *SkillTakeoverChainModule) Techniques() []common.TechniqueInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SkillPoisoningModule ¶
type SkillPoisoningModule struct{}
SkillPoisoningModule tests for malicious skill/plugin injection in agent marketplaces. OpenClaw analysis found ~900 malicious skills (20% of total packages), auto-deployed via scripts.
Source: Kaspersky OpenClaw Analysis (https://www.kaspersky.com/blog/openclaw-vulnerabilities-exposed/55263/)
func (*SkillPoisoningModule) Category ¶
func (m *SkillPoisoningModule) Category() common.AttackCategory
func (*SkillPoisoningModule) Description ¶
func (m *SkillPoisoningModule) Description() string
func (*SkillPoisoningModule) Execute ¶
func (m *SkillPoisoningModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*SkillPoisoningModule) Name ¶
func (m *SkillPoisoningModule) Name() string
func (*SkillPoisoningModule) Techniques ¶
func (m *SkillPoisoningModule) Techniques() []common.TechniqueInfo
type SkillTakeoverChainModule ¶
type SkillTakeoverChainModule struct{}
SkillTakeoverChainModule chains indirect prompt injection via URL summarization into config file modification for permanent compromise.
Source: Penligent OpenClaw Research (https://www.penligent.ai/hackinglabs/the-openclaw-prompt-injection-problem-persistence-tool-hijack-and-the-security-boundary-that-doesnt-exist/)
func (*SkillTakeoverChainModule) Category ¶
func (m *SkillTakeoverChainModule) Category() common.AttackCategory
func (*SkillTakeoverChainModule) Description ¶
func (m *SkillTakeoverChainModule) Description() string
func (*SkillTakeoverChainModule) Execute ¶
func (m *SkillTakeoverChainModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*SkillTakeoverChainModule) Name ¶
func (m *SkillTakeoverChainModule) Name() string
func (*SkillTakeoverChainModule) Techniques ¶
func (m *SkillTakeoverChainModule) Techniques() []common.TechniqueInfo