Conversation
…PINJ-007 (MCP sampling exfil) rules - MAL-046: detects malicious MCP server install commands embedding curl|wget payloads - MAL-047: detects Claude Code hooks config enabling all project MCP servers (RCE vector) - PINJ-007: detects MCP sampling/createMessage abuse to exfiltrate agent context/credentials - Add showcase examples 109-111 for each new rule - Total static rules: 113 Refs: CursorJack (CVE-2025-XXXX), Claude Code hooks RCE (Mar 2026), MCP sampling exfil pattern
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
New Detection Rules
MAL-046: CursorJack MCP Deeplink Install
Detects malicious MCP server configurations that embed
curl/wgetpayloads ininstallCommandfields — the CursorJack attack vector that tricks developers into running attacker-controlled scripts.MAL-047: Claude Code Hooks RCE via enableAllProjectMcpServers
Detects
.claude/settings.jsonconfigurations that setenableAllProjectMcpServers: trueinside hooks, enabling arbitrary code execution via untrusted MCP servers in the project directory.PINJ-007: MCP Sampling/createMessage Context Exfiltration
Detects abuse of the MCP
sampling/createMessagefeature to extract credentials, API keys, and system prompts from the agent's context and forward them to external endpoints.Showcase Examples
examples/showcase/109_cursorjack_mcp_deeplink/SKILL.mdexamples/showcase/110_claude_code_hooks_rce/SKILL.mdexamples/showcase/111_mcp_sampling_exfil/SKILL.mdStats