{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/attack.t1059.007/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["ai","node.js","supply-chain","attack.execution","attack.t1059.007"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThis brief details a detection for the \u003ccode\u003enpx skills add\u003c/code\u003e command executed via \u003ccode\u003enode.exe\u003c/code\u003e on Windows, a vector identified as a potential supply chain risk in the emerging field of AI agents. Threat actors could exploit this legitimate functionality, designed to enhance AI agents like Claude Code or Cursor with new capabilities, by injecting malicious commands into newly installed skills. These \u0026quot;skill worms\u0026quot; could then be executed by the AI agent, leading to unauthorized actions, data exfiltration, or infrastructure compromise. The detection, first published on 2026-07-01, highlights the importance for organizations to monitor and regulate the installation of AI agent skills, especially given the rising concerns about the integrity and security of AI tooling. This activity, while sometimes legitimate, warrants careful scrutiny due to its high potential for abuse by malicious actors seeking to leverage AI systems for nefarious purposes.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of this mechanism could lead to severe consequences for organizations leveraging AI agent tooling. By installing malicious \u0026quot;skills,\u0026quot; attackers could gain the ability to execute arbitrary commands within the AI agent's environment, potentially leading to unauthorized data access, intellectual property theft, or further lateral movement within the compromised network. References indicate the risk of \u0026quot;infecting infrastructures via skill worms\u0026quot; and instances where \u0026quot;crypto\u0026quot; was \u0026quot;ganked,\u0026quot; implying financial loss and broader system compromise. The severity of impact depends directly on the privileges and access of the compromised AI agent, which could range from individual user data compromise to widespread network infection if the agent has elevated permissions or broad system access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM solution and configure it for Windows \u003ccode\u003eprocess_creation\u003c/code\u003e logs.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive \u003ccode\u003eprocess_creation\u003c/code\u003e logging on all Windows endpoints to ensure the Sigma rule can effectively monitor \u003ccode\u003enode.exe\u003c/code\u003e executions.\u003c/li\u003e\n\u003cli\u003eImplement strict policies regarding the installation and vetting of AI agent skills within your environment, reviewing any \u0026quot;skills\u0026quot; installed by the \u003ccode\u003enpx skills add\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eTune the provided Sigma rule based on your organization's specific policies regarding the authorized use of AI agent tooling to reduce false positives while maintaining detection efficacy.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T13:57:46Z","date_published":"2026-07-03T13:57:46Z","id":"https://feed.craftedsignal.io/briefs/2026-07-node-agent-skills-install/","summary":"A new detection identifies the use of `npx skills add` commands via `node.exe` on Windows systems, a potentially abusable mechanism for attackers to install malicious AI agent skills or 'skill worms' that can execute arbitrary commands and infect infrastructure.","title":"New Agent Skills Installation Attempt Via Node.EXE","url":"https://feed.craftedsignal.io/briefs/2026-07-node-agent-skills-install/"}],"language":"en","title":"CraftedSignal Threat Feed - Attack.t1059.007","version":"https://jsonfeed.org/version/1.1"}