Skip to content
ATR-2026-00134mediumSkill Compromiseexperimental

Fork Claim and Community Package Impersonation

Detects skill/package impersonation through fork claims and community-variant naming. Unlike ATR-2026-060 (typosquatting detection), this catches packages that claim to be "community forks", "enhanced versions", or "unofficial alternatives" of known tools. Also detects abstracted permission descriptions that obscure dangerous capabilities behind benign language ("required capabilities: internet, storage" instead of "needs network + filesystem access"). Discovered via Autoresearch v0 (94% miss on fork_claim, 97% on abstracted_permissions, 97% on original_naming).

嚴重度
medium
類別
Skill Compromise
掃描目標
skill
作者
ATR Community

建議回應

alertreduce permissions

參考資料

OWASP Agentic
ASI04:2026 - Agentic Supply Chain Vulnerabilities
在 GitHub 上查看完整 YAML →

更多 Skill Compromise 規則

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions