AI Threat Alert
ATLAS Landscape
AML.T0104
Publish Poisoned AI Agent Tool
Adversaries may create and publish poisoned AI agent tools. Poisoned tools may contain an [LLM Prompt Injection](/techniques/AML.T0051), which can lead to a variety of impacts. Tools may be published to open source version control repositories (e.g. GitHub, GitLab), to package registries (e.g. npm), or to repositories specifically designed for sharing tools (e.g. OpenClaw Hub). These registries may be largely unregulated and may contain many poisoned tools [\[1\]][1]. Tools may also be published as remotely hosted servers [\[2\]][2]. [1]: https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto [2]: https://mcpservers.org/remote-mcp-servers
5 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-40154 | PraisonAI: supply chain RCE via unverified template exec | PraisonAI | 9.3 |
| HIGH | CVE-2026-39307 | PraisonAI: Zip Slip enables arbitrary file write / RCE | PraisonAI | 8.1 |
| HIGH | CVE-2026-39306 | PraisonAI: recipe path traversal allows arbitrary file write | PraisonAI | 7.3 |
| HIGH | GHSA-jf56-mccx-5f3f | OpenClaw: wake hook trust violation elevates to System prompt | openclaw | — |
| MEDIUM | GHSA-3vvq-q2qc-7rmp | openclaw: no integrity check on ClawHub plugin installs | openclaw | — |