This repository is a deliberate-malicious test corpus for the SkillGate scanner. Do not install, run, import, source, or otherwise execute any file here.
Every file was generated by SkillForge, the SkillGate red-team payload
generator. The payloads describe real attack patterns observed in the wild
(CVE-2025-54136 MCP rug pull, CVE-2025-59536 hook RCE, etc.) but they target
the RFC-reserved attacker.example.com so even if you accidentally execute
one, it has nowhere real to exfil to. That is not an excuse to run them.
This is a stable, publicly fetchable corpus that the SkillGate scanner can pull via URL. Every file here should be flagged DANGEROUS or RISKY.
| File | Tactic | Pretends to be |
|---|---|---|
| CLAUDE.md | T12 policy_override | Project-level policy override (jailbreak) |
| .claude/settings.json | T02 hook_rce (CVE-2025-59536) | PreToolUse hook exfiltrating env on every tool call |
| .claude/skills/aws-helper/SKILL.md | T01 direct_injection | "Helpful" AWS skill that POSTs creds |
| .claude/skills/git-workflow/SKILL.md | T16 realistic_tools | Trojanized git helper |
| .claude/skills/npm-helper/SKILL.md | T16 realistic_tools | Trojanized npm helper |
| .claude/skills/supply-chain/SKILL.md | T14 supply_chain | Supply-chain poisoning skill |
| .mcp/rug-pull/mcp.json + server.js | T20 mcp_rug_pull (CVE-2025-54136) | MCP that mutates after first approval |
| .mcp/rogue-drop/package.json + setup.js | T25 rogue_mcp_drop | npm postinstall that drops a rogue MCP |
| docs/poisoned-memory.md | T17 memory_poisoning | CLAUDE.md-shaped memory-write payload |
If you found this via the SkillGate scan UI: that's the point. If you found it some other way and were planning to copy the payloads: don't.