Detection Library
medium · experimental · Linux · AI/ML · T1547.001

LLM Runtime Writing New Plugin Or Extension Files

Detects LLM service processes writing files to plugin, extension, MCP, or tools directories. Runtime modification of plugin paths suggests supply chain tampering or a prompt-injection-driven persistence mechanism.

Updated Jan 15, 2025 · Detection Engineering Team

llm · persistence · linux · plugin · owasp-llm03

Problem Statement

Plugin and MCP tool directories define the capabilities available to the LLM agent. Runtime writes to these paths indicate an attempt to expand agent capabilities or establish persistence through tool injection.

Sample Logs

{"timestamp":"2025-01-15T11:33:47Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/plugin_manager.py","target_filename":"/opt/llm/mcp/new_tool.py","event_type":"file_create"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Legitimate plugin installation workflows during LLM service updates
  • Approved MCP tool deployment pipelines

Tuning Guidance

Establish a file integrity baseline for plugin directories. Alert on any writes outside approved deployment windows.
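The following is an added example of how the rule and its tuning could be evaluated against events shaped like the sample log above; it is not the detection library's own implementation. The watched directory list, the LLM process image prefix and the approved deployment window are assumptions chosen to match the sample log.

```python
import json
from datetime import datetime, timezone
# Plugin, extension, MCP and tools directories the rule watches.
# Paths are assumptions for this example; /opt/llm/mcp/ comes from the sample log.
WATCHED_DIRS = ("/opt/llm/plugins/", "/opt/llm/extensions/",
                "/opt/llm/mcp/", "/opt/llm/tools/")
# Process images treated as the LLM service (assumed prefix; matches the sample log).
LLM_IMAGE_PREFIXES = ("/opt/llm/app/",)
# Approved deployment windows in UTC (constructed: a 02:00-03:00 slot on Jan 15).
APPROVED_WINDOWS = [
    (datetime(2025, 1, 15, 2, 0, tzinfo=timezone.utc),
     datetime(2025, 1, 15, 3, 0, tzinfo=timezone.utc)),
]
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

def parse_ts(value):
    # The sample log uses a trailing "Z"; fromisoformat needs "+00:00" before 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def evaluate(line):
    """Return ("alert", event) for a match outside an approved window,
    ("suppressed", event) for a match inside one, and None otherwise."""
    ev = json.loads(line)
    if any(f not in ev for f in REQUIRED_FIELDS):
        return None  # cannot evaluate without the required fields
    if not ev["image"].startswith(LLM_IMAGE_PREFIXES):
        return None  # not an LLM service process
    if not ev["target_filename"].startswith(WATCHED_DIRS):
        return None  # write is outside plugin/extension/MCP/tools paths
    ts = parse_ts(ev["timestamp"])
    if any(start <= ts <= end for start, end in APPROVED_WINDOWS):
        return ("suppressed", ev)  # approved deployment window (tuning guidance)
    return ("alert", ev)

# Constructed sample events: the page's sample log plus two variants.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-15T11:33:47Z","computer_name":"llm-host-01","user":"llm_svc",'
    '"image":"/opt/llm/app/plugin_manager.py","target_filename":"/opt/llm/mcp/new_tool.py",'
    '"event_type":"file_create"}',
    '{"timestamp":"2025-01-15T02:15:00Z","computer_name":"llm-host-01","user":"deploy",'
    '"image":"/opt/llm/app/plugin_manager.py","target_filename":"/opt/llm/plugins/approved.py",'
    '"event_type":"file_create"}',
    '{"timestamp":"2025-01-15T11:40:00Z","computer_name":"llm-host-01","user":"llm_svc",'
    '"image":"/opt/llm/app/server.py","target_filename":"/var/log/llm/app.log",'
    '"event_type":"file_create"}',
]
def run(lines=SAMPLE_LOGS):
    """Return the verdict ("alert", "suppressed" or None) for each line."""
    return [r[0] if r else None for r in map(evaluate, lines)]
```

The first event (the page's sample) alerts, the second is suppressed by the deployment window, and the third is ignored because the write is outside the watched paths.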