Procedural Memory
What the agent learns should stay auditable.
Heuristics derived from past scans are content-addressed and attested onchain so operators can inspect how Spieon adapts over time.
versions: 1
avg success: 80% (80% on 5 samples)
heuristic / fastmcp-unicode-schema-poisoning
Version 1
FastMCP servers tend to accept Cyrillic look-alike characters in tool names; pair this with a tools/register payload to shadow ASCII tools.
- target: mcp-http
- probe class: mcp-schema-poisoning
- owasp: LLM05
- atlas: AML.T0051
- content hash: b041355975e6…
- attestation: 0xc232dcc127…
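A defensive check of the kind the heuristic above implies, added here as an example and not Spieon's or FastMCP's own code: it flags non-ASCII and mixed-script tool names and maps a small, constructed set of Cyrillic and Greek look-alikes onto ASCII to spot a proposed name that would shadow an already-registered one (the registry and the confusable table are assumptions, not a full confusables list).

```python
import unicodedata

# Constructed sample registry of already-registered ASCII tool names (hypothetical).
REGISTERED_TOOLS = {"read_file", "search_docs", "run_query"}

# Small constructed confusable map: non-Latin letters that render like ASCII letters.
# Illustrative only; a real deployment would use the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "\u03bf": "o", "\u03b1": "a",
}


def script_of(ch):
    """Return a coarse script label taken from the character's Unicode name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def skeleton(name):
    """Map look-alike characters onto their ASCII counterparts after NFKC normalisation."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", name))


def check_tool_name(name, registered=REGISTERED_TOOLS):
    """Return a list of findings for a proposed tool name; an empty list means it passed."""
    findings = []
    if not name.isascii():
        findings.append("non-ascii")
    # Mixed Latin/Cyrillic/Greek letters in one identifier is the classic homoglyph tell.
    scripts = {script_of(ch) for ch in name if ch.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed-script")
    # A name whose ASCII skeleton matches an existing tool would shadow it in the UI/LLM view.
    skel = skeleton(name)
    if skel != name and skel in registered:
        findings.append("shadows:" + skel)
    return findings


if __name__ == "__main__":
    for candidate in ("read_file", "r\u0435ad_file", "\u0441\u043e\u0440\u0443"):
        print(repr(candidate), check_tool_name(candidate))
```

Rejecting any registration whose findings list is non-empty, and logging the skeleton match, gives operators the same auditable signal the heuristic card records.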