medium · experimental · Linux · OCI · T1588

Linux Agent Writing Tool Plugin Or MCP Artifacts

Detects AI agent processes writing files to known tool plugin or MCP (Model Context Protocol) directories, which may indicate unauthorized modification of the agent's tool set or injection of malicious tool definitions.

Updated Jan 10, 2025 · OCI AI Security Team

Tags: agentic-ai, supply-chain, mcp, plugin, linux, oci, owasp-asi04

Problem Statement

MCP and tool plugins define what capabilities an AI agent has access to. Unauthorized modification of these files can expand the agent's attack surface, add malicious tools, or redirect existing tools to attacker-controlled infrastructure.

Sample Logs

{"timestamp":"2025-01-10T15:30:00Z","computer_name":"oci-worker-16","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/mcp/evil_tool.py","event_type":"file_create"}

Required Fields

  • image
  • target_filename
  • user
  • computer_name

False Positives

  • Legitimate agent update processes that install new tool definitions as part of a managed deployment pipeline
  • Development environments where tool plugins are actively being developed and tested

Tuning Guidance

Restrict write permissions on plugin directories using filesystem ACLs. Alert on any writes outside of approved deployment windows or by non-deployment service accounts.
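The rule logic and the tuning guidance above, expressed as a runnable check over the sample log format. This is an added example, not the OCI AI Security Team's detection code. The path "/opt/agent/mcp" comes from the sample log; the other plugin directories, the "deploy_svc" deployment account, the 02:00-04:00 UTC deployment window and the "file_modify" event type are assumptions chosen for illustration. The sample events after the first are constructed to exercise the allowlist, the deployment window, path normalisation (".." segments and a sibling directory with a shared prefix) and a record missing a required field.

```python
import json
import os
from datetime import datetime, time, timezone

# Directories treated as tool-plugin / MCP locations. "/opt/agent/mcp" is the
# path in the page's sample log; the other two are assumed placeholders.
PLUGIN_DIRS = ("/opt/agent/mcp", "/opt/agent/plugins", "/etc/mcp")

# Tuning knobs (assumed example values): service accounts permitted to deploy
# tool definitions, and an approved UTC deployment window [start, end).
DEPLOYMENT_ACCOUNTS = frozenset({"deploy_svc"})
DEPLOY_WINDOW_UTC = (time(2, 0), time(4, 0))

# Fields the rule needs; an event missing any of them cannot be evaluated.
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

# Write-like event types the rule fires on ("file_modify" is an assumed name).
WRITE_EVENTS = frozenset({"file_create", "file_modify"})

# Constructed sample input: line 1 is the page's sample log; the rest are
# constructed to exercise the allowlist, window, normalisation and missing-field paths.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-10T15:30:00Z","computer_name":"oci-worker-16","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/mcp/evil_tool.py","event_type":"file_create"}',
    '{"timestamp":"2025-01-10T03:00:00Z","computer_name":"oci-worker-16","user":"deploy_svc","image":"/usr/bin/rsync","target_filename":"/opt/agent/mcp/search_tool.py","event_type":"file_create"}',
    '{"timestamp":"2025-01-10T15:31:00Z","computer_name":"oci-worker-16","user":"deploy_svc","image":"/usr/bin/rsync","target_filename":"/opt/agent/mcp/search_tool.py","event_type":"file_modify"}',
    '{"timestamp":"2025-01-10T15:32:00Z","computer_name":"oci-worker-17","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/logs/../mcp/helper.py","event_type":"file_create"}',
    '{"timestamp":"2025-01-10T15:33:00Z","computer_name":"oci-worker-17","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/mcp-backup/notes.txt","event_type":"file_create"}',
    '{"timestamp":"2025-01-10T15:34:00Z","computer_name":"oci-worker-17","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/tmp/scratch.py","event_type":"file_create"}',
    '{"timestamp":"2025-01-10T15:35:00Z","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/mcp/x.py","event_type":"file_create"}',
]


def in_plugin_dir(path: str) -> bool:
    """True if the normalised path lies under one of PLUGIN_DIRS.

    normpath collapses ".." segments so "/opt/agent/logs/../mcp/x" still
    matches; the trailing separator stops "/opt/agent/mcp-backup" matching.
    """
    norm = os.path.normpath(path)
    return any(norm.startswith(d.rstrip("/") + os.sep) for d in PLUGIN_DIRS)


def in_deploy_window(ts: str) -> bool:
    """True if the ISO-8601 timestamp falls inside DEPLOY_WINDOW_UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    start, end = DEPLOY_WINDOW_UTC
    return start <= dt.time() < end


def evaluate(event: dict):
    """Return an alert dict for a suspicious write, an 'unevaluable' marker for
    an event missing required fields, or None when the event is benign.

    A write-like event into a plugin/MCP directory fires unless it comes from
    an approved deployment account inside the deployment window.
    """
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        return {"status": "unevaluable", "missing_fields": missing}
    if event.get("event_type") not in WRITE_EVENTS:
        return None
    if not in_plugin_dir(event["target_filename"]):
        return None
    # A missing timestamp defaults to the epoch, which is never in the window.
    approved = (event["user"] in DEPLOYMENT_ACCOUNTS
                and in_deploy_window(event.get("timestamp", "1970-01-01T00:00:00Z")))
    if approved:
        return None
    return {
        "status": "alert",
        "rule": "linux_agent_writing_tool_plugin_or_mcp_artifacts",
        "host": event["computer_name"],
        "user": event["user"],
        "image": event["image"],
        "path": os.path.normpath(event["target_filename"]),
    }


def run(lines):
    """Evaluate each JSON log line; returns the non-None results in order."""
    results = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            results.append({"status": "unevaluable", "missing_fields": ["<unparseable>"]})
            continue
        r = evaluate(event)
        if r is not None:
            results.append(r)
    return results


if __name__ == "__main__":
    for r in run(SAMPLE_LOGS):
        print(json.dumps(r))
```

Two design points worth keeping when porting this to a real SIEM query: match on the normalised path with a trailing separator, so that ".." tricks and sibling directories sharing a prefix are handled correctly, and treat an event that lacks one of the required fields as a data-quality finding rather than silently dropping it, since a missing field hides exactly the writes the rule exists to catch.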