[T5.2] Denial of Service

Detects fork bombs, infinite loops, disk fills, and resource exhaustion attacks.

What It Detects

Denial of service patterns identify skills that consume excessive system resources, whether intentionally or through negligent code. This includes fork bombs that rapidly spawn processes until the system is overwhelmed, infinite loops that lock up CPU cores, disk fill attacks that write large volumes of data to exhaust storage, memory allocation bombs, and any behavior that degrades or disables the host system. Even unintentional resource exhaustion in a skill is a significant quality and safety concern.

Why It Matters

Resource exhaustion attacks can disable an entire system. Fork bombs, infinite loops, and disk fills do not require network access or elevated privileges — they exploit the fact that a skill runs with the same resources as the host process. A single malicious skill can render a system unresponsive, affecting all other applications and users. Unlike data exfiltration, the impact is immediate and visible.

Examples

  • A skill’s install script contains a bash fork bomb that exponentially spawns processes, consuming all available PIDs and rendering the system unresponsive within seconds.
  • A dependency enters an infinite while(true) loop during import, consuming 100% of a CPU core indefinitely and blocking the host application from proceeding.
  • A postinstall script writes random data in a loop to /tmp, filling the disk partition and causing other applications and system services to fail when they cannot write temporary files.

Severity & Impact

  • Severity: HIGH to CRITICAL
  • Score impact: -25 to -40 on the code_execution dimension
  • Escalation: Fork bombs and disk fill attacks are rated CRITICAL due to immediate system impact. Infinite loops and memory bombs are rated HIGH. Unintentional resource exhaustion from poorly written code (such as an unbounded recursive function) is rated HIGH but may receive a lower penalty if the pattern appears accidental rather than adversarial. Resource exhaustion findings are evaluated independently from intent, since the impact is the same regardless of motive.

Remediation

Ensure all loops have well-defined termination conditions. Avoid recursive patterns without depth limits. Do not spawn processes in unbounded loops. Limit disk writes to reasonable volumes and clean up temporary files. If a skill performs resource-intensive operations, document expected resource consumption in the manifest and implement internal safeguards such as timeouts, maximum iteration counts, and memory budgets. Test skills under resource-constrained environments to catch unintentional exhaustion before publication.