New Agent Skills Installation Attempt Via Node.EXE

Detects the attempt to install new skills for AI agents using the "npx skills" command. Agent skills enhance AI agents with new capabilities, but attackers may abuse this mechanism to inject malicious commands executed by the agent on behalf of the user. The "npx skills" command can install skills for various agents (e.g., Claude Code, Cursor, and others). Analysts should review any installed skills to verify their legitimacy. Note: Tune this rule based on whether AI agent tooling is allowed in your environment. In environments where such tooling is authorized, this detection may reflect normal activity and the alert level should be adjusted accordingly. In environments where AI agent tooling is not permitted, this activity is likely suspicious and may require immediate investigation.

Sigma rule (View on GitHub)

 1title: New Agent Skills Installation Attempt Via Node.EXE
 2id: afa71271-6a97-4e47-810f-83120fb1a4ce
 3status: experimental
 4description: |
 5    Detects the attempt to install new skills for AI agents using the "npx skills" command.
 6    Agent skills enhance AI agents with new capabilities, but attackers may abuse this mechanism to inject malicious commands executed by the agent on behalf of the user.
 7    The "npx skills" command can install skills for various agents (e.g., Claude Code, Cursor, and others).
 8    Analysts should review any installed skills to verify their legitimacy.
 9    Note: Tune this rule based on whether AI agent tooling is allowed in your environment.
10    In environments where such tooling is authorized, this detection may reflect normal activity and the alert level should be adjusted accordingly.
11    In environments where AI agent tooling is not permitted, this activity is likely suspicious and may require immediate investigation.    
12references:
13    - https://blog.lukaszolejnik.com/supply-chain-risk-of-agentic-ai-infecting-infrastructures-via-skill-worms/
14    - https://github.com/vercel-labs/skills/blob/1f7fbc8d0e49c4e0601d364696bd1bdd15e80967/README.md
15    - https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto
16    - https://promptintel.novahunting.ai/molt
17author: Marco Pedrinazzi (@pedrinazziM) (InTheCyber)
18date: 2026-02-03
19tags:
20    - attack.execution
21    - attack.t1059.007
22logsource:
23    product: windows
24    category: process_creation
25detection:
26    selection_img:
27        - Image|endswith: '\node.exe'
28        - OriginalFileName: 'node.exe'
29    selection_cli:
30        CommandLine|contains|all:
31            - 'npx-cli.js'
32            - 'skills '
33            - ' add '
34    condition: all of selection_*
35falsepositives:
36    - This rule will be triggered when a new agent skill is installed regardless if it is benign or malicious.
37    - High false positive rate expected in environments where AI agent tooling is authorized and commonly used.
38level: medium
39regression_tests_path: regression_data/rules/windows/process_creation/proc_creation_win_node_new_agent_skills_installed/info.yml

References

Related rules

to-top