Problem
Rule MALWAR-PERSIST-002 (file system modification detection) triggers on Anthropic's official skill-creator skill, which is benign. The rule flags lines 91-92 which contain documentation about file management best practices — not actual file system modification commands.
Scan output:
anthropic_skill_creator.md → MALICIOUS (risk: 100)
MALWAR-PERSIST-002 at L91: "If files are large (>10k words), include grep search patterns in SKILL.md"
MALWAR-PERSIST-002 at L92: "Information should live in either SKILL.md or references files, not both"
Expected Behavior
This skill should be rated CLEAN. The rule should distinguish between actual commands that modify files and documentation text that mentions files.
How to Fix
- Look at the rule definition for
MALWAR-PERSIST-002 in src/malwar/rules/
- The regex pattern is too broad — it matches the word "file" in general documentation context
- Tighten the pattern to require actual command syntax (e.g.,
mkdir, mv, cp, write_to, shell redirects) rather than prose mentioning files
- Add
tests/fixtures/skills/real/benign/anthropic_skill_creator.md as a regression test
Test File
The skill that triggers this false positive is at: tests/fixtures/skills/real/benign/anthropic_skill_creator.md
Problem
Rule
MALWAR-PERSIST-002(file system modification detection) triggers on Anthropic's officialskill-creatorskill, which is benign. The rule flags lines 91-92 which contain documentation about file management best practices — not actual file system modification commands.Scan output:
Expected Behavior
This skill should be rated CLEAN. The rule should distinguish between actual commands that modify files and documentation text that mentions files.
How to Fix
MALWAR-PERSIST-002insrc/malwar/rules/mkdir,mv,cp,write_to, shell redirects) rather than prose mentioning filestests/fixtures/skills/real/benign/anthropic_skill_creator.mdas a regression testTest File
The skill that triggers this false positive is at:
tests/fixtures/skills/real/benign/anthropic_skill_creator.md