Skip to content
ATR-2026-00060highSkill Compromiseexperimental

MCP Skill Impersonation and Supply Chain Attack

Detects MCP skills that impersonate trusted tools through multiple attack vectors: typosquatting (misspelled tool names), version spoofing (claiming to be newer versions of known tools), namespace collision (similar package names with different publishers), and suspicious tool name patterns that mimic legitimate skills. This goes beyond simple typo detection to cover the full supply chain attack surface for MCP skill registries and tool marketplaces.

嚴重度
high
類別
Skill Compromise
掃描目標
mcp
作者
ATR Community

建議回應

block toolalertsnapshotescalate

參考資料

OWASP Agentic
ASI04:2026 - Agentic Supply Chain Vulnerabilities
OWASP LLM
LLM03:2025 - Supply Chain VulnerabilitiesLLM05:2025 - Improper Output Handling
MITRE ATLAS
AML.T0010 - ML Supply Chain Compromise
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive PermissionsATR-2026-00124highSkill Squatting / Typosquatting