ATR-2026-00060 | Severity: high | Category: Skill Compromise | Status: experimental

MCP Skill Impersonation and Supply Chain Attack

Detects MCP skills that impersonate trusted tools through multiple attack vectors: typosquatting (misspelled tool names), version spoofing (claiming to be newer versions of known tools), namespace collision (similar package names with different publishers), and suspicious tool name patterns that mimic legitimate skills. This goes beyond simple typo detection to cover the full supply chain attack surface for MCP skill registries and tool marketplaces.
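The four checks named above (typosquatting, version spoofing, namespace collision, and suspicious name patterns) can be expressed as a small manifest scanner. The code below is an added illustration and is not the rule's own detection logic; the trusted-skill allowlist, the edit-distance threshold of 2, the suffix list, and the manifest field names (`name`, `publisher`, `version`) are assumptions made for the example, and the registry entries are constructed.

```python
import re

# Constructed allowlist (assumption: the deployment keeps one):
# skill name -> (expected publisher, latest version known to be published)
TRUSTED_SKILLS = {
    "filesystem": ("modelcontextprotocol", "1.4.0"),
    "github": ("modelcontextprotocol", "2.1.3"),
    "slack": ("modelcontextprotocol", "0.9.2"),
}

# Suffixes commonly bolted onto a trusted name to look more legitimate or newer (assumed list)
SUSPICIOUS_SUFFIX = re.compile(
    r"^(.+?)[-_.]?(official|verified|trusted|secure|latest|pro|v\d+)$"
)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two names; a small non-zero value against a
    trusted name is the typosquatting signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_version(v: str):
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple; None if malformed."""
    parts = v.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def check_skill(manifest: dict) -> list:
    """Return the list of findings for one skill manifest (empty if clean)."""
    name = manifest.get("name", "").strip().lower()
    publisher = manifest.get("publisher", "")
    version = manifest.get("version", "")
    findings = []

    if name in TRUSTED_SKILLS:
        # Exact trusted name: check who published it and what version it claims.
        expected_pub, latest = TRUSTED_SKILLS[name]
        if publisher != expected_pub:
            findings.append("namespace_collision")
        claimed, known = parse_version(version), parse_version(latest)
        if claimed is None:
            findings.append("malformed_version")
        elif claimed > known:
            # Claims to be newer than anything the real publisher has shipped.
            findings.append("version_spoofing")
        return findings

    # Not a trusted name: is it one or two edits away from one?
    for trusted in TRUSTED_SKILLS:
        if 0 < levenshtein(name, trusted) <= 2:
            findings.append(f"typosquat:{trusted}")

    # Trusted name plus a legitimacy-signalling suffix, e.g. "<trusted>-official".
    m = SUSPICIOUS_SUFFIX.match(name)
    if m and m.group(1) in TRUSTED_SKILLS:
        findings.append(f"suspicious_name_pattern:{m.group(1)}")
    return findings


def scan_registry(manifests: list) -> dict:
    """Run the checks over a registry listing; returns {name: findings} for flagged entries."""
    flagged = {}
    for m in manifests:
        findings = check_skill(m)
        if findings:
            flagged[m["name"]] = findings
    return flagged


# Constructed registry listing for demonstration.
SAMPLE_REGISTRY = [
    {"name": "filesystem", "publisher": "modelcontextprotocol", "version": "1.4.0"},
    {"name": "fliesystem", "publisher": "someone-else", "version": "1.4.0"},
    {"name": "github", "publisher": "gh-tools", "version": "9.0.0"},
    {"name": "slack-official", "publisher": "someone-else", "version": "1.0"},
]

if __name__ == "__main__":
    for skill, findings in scan_registry(SAMPLE_REGISTRY).items():
        print(f"{skill}: {', '.join(findings)}")
```

Each finding string maps naturally onto the response actions listed for this rule: a typosquat or namespace collision is a candidate for blocking the tool and alerting, while a version-spoofing hit on an otherwise trusted name is worth a snapshot of the manifest before escalation, since it may indicate a compromised publisher rather than an impostor.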

Severity: high
Category: Skill Compromise
Scan Target: mcp
Author: ATR Community

Response Actions

block tool, alert, snapshot, escalate

References

OWASP Agentic
ASI04:2026 - Agentic Supply Chain Vulnerabilities
OWASP LLM
LLM03:2025 - Supply Chain Vulnerabilities
LLM05:2025 - Improper Output Handling
MITRE ATLAS
AML.T0010 - ML Supply Chain Compromise