Skip to content

Hide Navigation Hide TOC

Fork Claim and Community Package Impersonation - ATR-2026-00134 (5436848c-ed78-58f4-9f10-6a8f903d2c0a)

Detects skill/package impersonation through fork claims and community-variant naming. Unlike ATR-2026-060 (typosquatting detection), this catches packages that claim to be "community forks", "enhanced versions", or "unofficial alternatives" of known tools. Also detects abstracted permission descriptions that obscure dangerous capabilities behind benign language ("required capabilities: internet, storage" instead of "needs network + filesystem access"). Discovered via Autoresearch v0 (94% miss on fork_claim, 97% on abstracted_permissions, 97% on original_naming).

Cluster A Galaxy A Cluster B Galaxy B Level
Fork Claim and Community Package Impersonation - ATR-2026-00134 (5436848c-ed78-58f4-9f10-6a8f903d2c0a) Agent Threat Rules ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) MITRE ATLAS Attack Pattern 1