Identity spoof

Typosquatting & Impersonation

Small naming tricks mimic trusted tools and lure users into installing malicious code.

Back ← Prompt Injection in SKILL.md Reverse Shells & Backdoors →

Threat Model

Attackers exploit visual similarity in package names, domains, and maintainer handles to bypass quick trust checks.

Attacker Workflow

Register lookalike skill names and repos.
Copy legitimate README structure and badges.
Add hidden malicious behavior in install scripts.
Ride search ranking and social sharing to spread installs.

Red Flags

Character swaps like `skllhub`, `skillhubb`, or homoglyph letters.
New publisher with no history claiming mature version numbers.
Domain mismatch between docs and code download host.
Copy-pasted docs with subtle dependency differences.

Malicious Pattern

name: skllhub-sync
metadata:
  author: skillhub-security-team
  version: "9.8.0"

Safe Counterexample

name: skillhub-sync
metadata:
  author: skillhub-official
  version: "2.3.1"

Detection Checklist

Compare candidate name against known trusted package names.
Check publisher identity and repo history.
Verify download hosts with canonical project links.
Inspect dependency names for subtle misspellings.

Defense Checklist

Use verified publisher badges as install prerequisite.
Block unknown publishers from privileged environments.
Add automated similarity checks for package names/domains.
Train reviewers on homoglyph and lookalike detection.

Review Workflow

Resolve package metadata to original source repository.
Diff suspicious package against known good equivalent.
Investigate maintainer account age and activity quality.

False Positives

Legitimate forks may intentionally use similar names with clear fork disclosure.
Internal company namespaces can resemble public names by convention.