Skill Squatting / Typosquatting - ATR-2026-00124 (87b6f2f8-3d43-5acd-b487-a1d96d762654)
Detects skills impersonating known publishers or using typosquatted names. VirusTotal documented threat actor "hightower6eu" publishing 314 skills with legitimate-sounding names delivering AMOS infostealers. OWASP AST04 covers insecure metadata including fake brand impersonation. This rule only flags skills from UNKNOWN publishers that claim to be official. Skills from verified publishers (anthropics, vercel-labs, microsoft, github, google) are excluded.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Skill Squatting / Typosquatting - ATR-2026-00124 (87b6f2f8-3d43-5acd-b487-a1d96d762654) | Agent Threat Rules | ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | 1 |