Documentation
¶
Overview ¶
Package persistence implements attacks that establish persistent footholds in agent systems through configuration modification, credential harvesting, and multi-step exploitation chains.
Index ¶
- type AgentConfigRewriteModule
- func (m *AgentConfigRewriteModule) Category() common.AttackCategory
- func (m *AgentConfigRewriteModule) Description() string
- func (m *AgentConfigRewriteModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *AgentConfigRewriteModule) Name() string
- func (m *AgentConfigRewriteModule) Techniques() []common.TechniqueInfo
- type CredentialHarvestModule
- func (m *CredentialHarvestModule) Category() common.AttackCategory
- func (m *CredentialHarvestModule) Description() string
- func (m *CredentialHarvestModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *CredentialHarvestModule) Name() string
- func (m *CredentialHarvestModule) Techniques() []common.TechniqueInfo
- type RCEChainModule
- func (m *RCEChainModule) Category() common.AttackCategory
- func (m *RCEChainModule) Description() string
- func (m *RCEChainModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *RCEChainModule) Name() string
- func (m *RCEChainModule) Techniques() []common.TechniqueInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AgentConfigRewriteModule ¶
type AgentConfigRewriteModule struct{}
AgentConfigRewriteModule exploits agents that can modify their own configuration. Instructions cause the agent to rewrite its system prompt or config files, and once rewritten, compromise persists across sessions.
Source: Penligent (https://www.penligent.ai/hackinglabs/the-openclaw-prompt-injection-problem-persistence-tool-hijack-and-the-security-boundary-that-doesnt-exist/)
func (*AgentConfigRewriteModule) Category ¶
func (m *AgentConfigRewriteModule) Category() common.AttackCategory
func (*AgentConfigRewriteModule) Description ¶
func (m *AgentConfigRewriteModule) Description() string
func (*AgentConfigRewriteModule) Execute ¶
func (m *AgentConfigRewriteModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*AgentConfigRewriteModule) Name ¶
func (m *AgentConfigRewriteModule) Name() string
func (*AgentConfigRewriteModule) Techniques ¶
func (m *AgentConfigRewriteModule) Techniques() []common.TechniqueInfo
type CredentialHarvestModule ¶
type CredentialHarvestModule struct{}
CredentialHarvestModule extracts API keys, OAuth tokens, SSH credentials, and other secrets from agent environments. In OpenClaw, agents inherit access to API keys, OAuth tokens, SSH credentials, and browser sessions.
Source: Cubic Security Audit (https://www.cubic.dev/blog/we-found-and-fixed-critical-security-vulnerabilities-in-openclaw)
NOTE: Test payloads use synthetic/placeholder values, never real credentials.
func (*CredentialHarvestModule) Category ¶
func (m *CredentialHarvestModule) Category() common.AttackCategory
func (*CredentialHarvestModule) Description ¶
func (m *CredentialHarvestModule) Description() string
func (*CredentialHarvestModule) Execute ¶
func (m *CredentialHarvestModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*CredentialHarvestModule) Name ¶
func (m *CredentialHarvestModule) Name() string
func (*CredentialHarvestModule) Techniques ¶
func (m *CredentialHarvestModule) Techniques() []common.TechniqueInfo
type RCEChainModule ¶
type RCEChainModule struct{}
RCEChainModule implements multi-step exploitation chains from prompt injection through tool access to remote code execution.
Source: depthfirst CVE-2026-25253 Pattern: 1-click RCE — single webpage visit leads to full host takeover via agent
WARNING: This is the highest blast-radius module. Must run in Docker container with --network=none, read-only filesystem (except /tmp), no host process namespace access.
func (*RCEChainModule) Category ¶
func (m *RCEChainModule) Category() common.AttackCategory
func (*RCEChainModule) Description ¶
func (m *RCEChainModule) Description() string
func (*RCEChainModule) Execute ¶
func (m *RCEChainModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*RCEChainModule) Name ¶
func (m *RCEChainModule) Name() string
func (*RCEChainModule) Techniques ¶
func (m *RCEChainModule) Techniques() []common.TechniqueInfo