[T4.1] File Drops

Detects files created outside the skill directory during install or runtime.

What It Detects

File drops occur when a skill writes files to locations outside its own directory tree. This includes writing to system directories like /usr/local/bin, creating startup scripts in ~/.bashrc or cron directories, dropping binaries into temporary directories for later execution, and planting configuration files that alter system or application behavior. File drops are a persistence mechanism, allowing malicious code to survive skill removal.

Why It Matters

File drops are a persistence mechanism that makes compromise survive skill removal. A skill that writes files outside its own directory can install backdoors, modify system configuration, or plant executables that continue running long after the original skill is uninstalled. File drops transform a temporary installation into a permanent compromise.

Examples

  • A skill’s install script writes a binary to /usr/local/bin/helper and a systemd service file to /etc/systemd/system/, establishing a persistent backdoor that survives package removal.
  • During installation, a dependency appends an export line to ~/.bashrc that modifies PATH to prioritize a directory containing trojanized system utilities.
  • A skill drops a compiled binary into /tmp/.cache_update with execute permissions, then creates a cron job entry to run it every five minutes.

Severity & Impact

  • Severity: HIGH to CRITICAL
  • Score impact: -25 to -50 on the clone_behavior dimension
  • Escalation: Writes to system binary directories or startup configuration files are rated CRITICAL due to persistence implications. Writes to temporary directories without persistence mechanisms are rated HIGH. File drops combined with process spawning (T2.2) indicate a complete implant deployment and trigger maximum penalties.

Remediation

Skills must confine all file operations to their own directory tree. Never write files to system directories, user home directory configuration files, or temporary directories. If a skill needs to generate files during installation (such as compiled assets or configuration), write them within the skill’s own directory structure. Any build artifacts should be clearly documented in the manifest. If a skill legitimately needs to install a global binary, this must be handled through the host application’s sanctioned installation mechanism, not through direct filesystem writes.