MCP Skill Impersonation and Supply Chain Attack - ATR-2026-00060 (324cde74-b8b7-5dc3-bb4c-3bc368fa3818)

Detects MCP skills that impersonate trusted tools through multiple attack vectors: typosquatting (misspelled tool names), version spoofing (claiming to be newer versions of known tools), namespace collision (similar package names with different publishers), and suspicious tool name patterns that mimic legitimate skills. This goes beyond simple typo detection to cover the full supply chain attack surface for MCP skill registries and tool marketplaces.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | MCP Skill Impersonation and Supply Chain Attack - ATR-2026-00060 (324cde74-b8b7-5dc3-bb4c-3bc368fa3818) | Agent Threat Rules | 1 |
| Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) | Attack Pattern | MCP Skill Impersonation and Supply Chain Attack - ATR-2026-00060 (324cde74-b8b7-5dc3-bb4c-3bc368fa3818) | Agent Threat Rules | 1 |