[T6.1] Environment Sensing

Detects environment fingerprinting, analysis evasion, and conditional execution based on runtime context.

What It Detects

Environment sensing occurs when a skill attempts to detect whether it is running inside a CI system or analysis environment and alters its behavior accordingly. This includes checking for virtual machine artifacts, specific environment variables, and debugger presence, fingerprinting the host system to tailor payloads, and implementing time-delayed or condition-gated execution to evade dynamic analysis. This is a classic anti-analysis technique used by malware to avoid detection during automated scanning.

Why It Matters

Environment sensing is a red flag for evasion. Skills that alter their behavior based on whether they are being analyzed suggest deliberate concealment of malicious functionality. This is a classic anti-analysis technique: behave normally during testing, activate the payload only in production. While a single environment check may have legitimate purposes, systematic fingerprinting of the execution context is a strong indicator of adversarial intent.

Examples

  • A skill checks process.env.CI and other environment indicators at startup, and only downloads its malicious payload when they are undefined, ensuring the attack code never runs during automated analysis.
  • A dependency reads /proc/cpuinfo and /sys/class/dmi/id/product_name to detect hypervisor signatures, then exits cleanly without performing any malicious action if a virtual machine is detected.
  • A skill implements a 10-minute setTimeout before executing its payload, assuming that most analysis environments terminate execution well before that threshold.

Severity & Impact

  • Severity: LOW to MEDIUM
  • Score impact: -5 to -15 on the code_execution dimension
  • Escalation: Simple environment variable checks are rated LOW, as some may have legitimate purposes (such as adjusting logging verbosity in CI). Systematic fingerprinting of virtualization artifacts or deliberate time-gated execution is rated MEDIUM. Environment sensing alone does not confirm malicious intent, but it is a strong signal of evasion capability. When found alongside other threat findings, it amplifies the severity of the combined assessment, as it suggests the skill is actively trying to hide malicious behavior.

Remediation

Skills should not condition their behavior on the presence or absence of CI or analysis environment indicators. Avoid reading environment variables unrelated to the skill’s functionality. Do not check for virtualization artifacts, debugger presence, or analysis tool signatures. If a skill genuinely needs to adapt to different environments (for example, using a different cache directory in CI), use explicit, documented configuration parameters rather than implicit environment detection. Transparency in behavior across all execution contexts is a core requirement for trustworthy skills.