Flows category icon
Agent QA & Security
Advanced

Detect Command Obfuscation and Parser-Mismatch Attacks

Catch the attacks your parser cannot see: quote-concatenation flags, ANSI-C quoting, brace expansion, and escaped operators that make bash execute something your checks never inspected.

4 steps12 verify checks120-180 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/4 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
My agent's command checks parse a command one way, but bash executes it another - quote tricks and expansions smuggle flags and operators straight past validation. Claude Code dedicates its most complex validators to exactly this gap, using multi-view quote extraction and layered pattern checks.

GOAL:
Build obfuscation defenses: multi-view quote extraction, detection for quote-trick flag smuggling, and checks for parser-vs-shell divergence (brace expansion, escaped operators).

REQUIREMENTS:
- Quote extraction producing at least three views: double-quotes kept, fully unquoted, quote characters preserved
- Detection of flag-smuggling tricks: ANSI-C quoting, empty-quote concatenation, quote chains, triple quotes
- Detection of parser-mismatch primitives: brace expansion and backslash-escaped operators
- A quote-state tracker handling the escape-before-toggle ordering correctly
- A regression corpus of obfuscation variants that grows with every new discovery

CONSTRAINTS:
- When a pattern is ambiguous, ask - a rare extra confirmation beats a missed attack
- Detect on the ORIGINAL command string as well as parsed forms; normalization destroys evidence

DEFINITION OF DONE:
- Each documented obfuscation family has a firing detector with tests
- A command that bash would split differently than the parser triggers a misparse-severity ask
- The quote-state tracker passes escape-sequence edge cases (escaped quote inside double quotes)
- New variants can be added to the corpus and covered without rewriting existing detectors

COMMON FAILURES TO AVOID:
- Checking only the parsed token list, which is precisely what the attack bypasses
- One clever regex expected to catch all quoting tricks - each family needs its own detector
- A quote tracker that toggles state on escaped quotes, desyncing permanently mid-command
- Treating the checks as done - obfuscation is an arms race, and the corpus is the memory

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Agent QA & Security flows that share ground with this one.

Flows category icon
Agent QA & Security

Audit Trails for Tool Calls

Record an immutable, queryable trail of every action your agent takes - who, what, when, why, and outcome - for security and accountability.

01Define the audit record and scope
02Write records reliably and scrubbed
03Make the trail tamper-evident

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Agent QA & Security

Build a Command Security Pipeline for Your Agent

Replace scattered if-else safety checks with a layered validator pipeline: single-purpose checks, an allow/ask/deny/passthrough contract, and severity-aware ordering.

01Define the contract and pipeline skeleton
02Implement early validators and input hygiene
03Build the main validator chain and hard path constraints

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps120-180 minutesAdvanced
Flows category icon
Agent QA & Security

Dependency and Supply-Chain Scanning for Agents

Guard against the dependencies your agent adds: vulnerability scanning, hallucinated-package detection, and gated installs.

01Intercept dependency additions
02Verify existence and reputation
03Scan for vulnerabilities

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate

Made with Emergent