# Malicious Skill Name Patterns
# These patterns match known malicious skill naming conventions
# Sources: Koi Security, Bloom Security/JFrog, Snyk, OpenSourceMalware, Antiy CERT, Endor Labs, Huntress, Socket, Semgrep, LayerX, OWASP MCP (the Lazarus XPACK entries below are a campaign attribution, not a source)
# Format: pattern|category|notes
# pattern is a regular expression; anchored patterns (^...$) match the whole name, unanchored patterns match anywhere in the name and can hit legitimate names that merely contain the substring
# Last updated: 2026-03-15

# ClawHub typosquats (28 variants found)
^clawhub[0-9]+$|typosquat|clawhub followed by digits (bare "clawhub" is the legitimate name and must not match, hence + rather than *)
^clawhubb$|typosquat|double-b
^clawwhub$|typosquat|double-w
^cllawhub$|typosquat|double-l
^clawhubcli$|typosquat|fake CLI
^claw-hub$|typosquat|hyphenated
^clawhubb?-cli$|typosquat|CLI variant

# Crypto lures (111+ skills)
solana-wallet|crypto-lure|solana wallet variants
phantom-wallet|crypto-lure|phantom wallet variants
wallet-tracker|crypto-lure|generic wallet tracker
bybit-agent|crypto-lure|exchange bot
base-agent|crypto-lure|Base chain bot
eth-gas-track|crypto-lure|gas tracker lures

# Prediction market lures (34 skills)
polymarket|prediction-lure|polymarket variants
better-polymarket|prediction-lure|specific malicious name

# YouTube lures (57 skills)
youtube-summarize|youtube-lure|summarizer variants
youtube-.*-pro$|youtube-lure|pro suffix pattern

# Auto-updater lures (28 skills)
auto-updat|updater-lure|fake updater skills

# Finance lures (51 skills)
yahoo-finance|finance-lure|finance data lures
stock-track|finance-lure|stock tracker

# Google workspace lures (17 skills)
google-workspace|gworkspace-lure|workspace integration lures
gmail-|gworkspace-lure|gmail tool lures
gdrive-|gworkspace-lure|drive tool lures

# Known specific malicious skill names (Bloom Security/JFrog, Snyk)
^rankaj$|exfil-skill|.env credential exfiltration via webhook (rjnpage)
^reddit-trends$|exfil-skill|Silent .env exfil disguised as weather/reddit tool (aslaep123)
^polymarket-all-in-one$|reverse-shell|Contains reverse shell backdoor (noreplyboter)
^linkedin-job-application$|exfil-skill|Job application lure skill (bloom-campaign)
^openclawcli$|malware-installer|Windows infostealer in password-protected ZIP (Ddoy233)
^clawdhub1$|typosquat|Active variant of clawhub typosquat (~100 installations)

# Social media / job lures (Bloom Security)
reddit-|social-lure|Reddit tool lures
linkedin-|social-lure|LinkedIn tool lures
twitter-|social-lure|Twitter/X tool lures

# NEW categories discovered Feb 2026 (Antiy CERT, Snyk ToxicSkills)
# Browser automation agent lures
browser-automat|browser-lure|Browser automation agent lures
web-scrape|browser-lure|Web scraping tool lures

# Coding agent lures
coding-agent|coding-lure|Coding assistant lures
code-review|coding-lure|Code review tool lures

# PDF tool lures
pdf-convert|pdf-lure|PDF conversion tool lures
pdf-extract|pdf-lure|PDF extraction tool lures

# Fake security scanning skills (ironic camouflage)
security-scan|security-lure|Fake security scanners that are themselves malicious
virus-scan|security-lure|Fake antivirus/scanning tools

# WhatsApp integration lures
whatsapp-|messaging-lure|WhatsApp integration lures
telegram-bot|messaging-lure|Telegram bot lures

# Fake installer lures (Huntress, Mar 2026 - Bing AI search poisoning)
openclaw-install|fake-installer|Fake OpenClaw installer (GhostSocks/Vidar)
openclaw-setup|fake-installer|Fake setup scripts
openclaw-windows|fake-installer|Windows-specific fake installer
openclaw-mac|fake-installer|macOS-specific fake installer

# Voice-call/telephony lures (post CVE-2026-28446 wave)
voice-call|voice-lure|Voice/telephony integration lures
voice-agent|voice-lure|Voice agent lures
phone-|voice-lure|Phone integration lures

# Fake installer campaign patterns (Huntress, Mar 2026)
magic-install|fake-installer|Installer-themed lure used in fake OpenClaw campaign
install-openclaw|fake-installer|Typosquat installer naming cluster
simple-claw|typosquat|Brand typosquat used in fake installer campaign
comfyui-auto-installer|cross-campaign-lure|Cross-project installer lure tied to same operators
openclaw-trading-assistant|finance-lure|Self-promotion lure linked to fake installer operators

# SANDWORM_MODE worm package patterns (Socket, Feb 20 2026)
# 19 typosquatted npm packages inject rogue MCP servers into AI tool configs
@anthropic/sdk-extra|sandworm-typosquat|Typosquat of @anthropic/sdk (SANDWORM_MODE worm)
@anthropic/cli-tools|sandworm-typosquat|Typosquat of Anthropic CLI (SANDWORM_MODE worm)
claude-code-utils|sandworm-typosquat|Claude Code utility typosquat (SANDWORM_MODE worm)
claude-mcp-helper|sandworm-typosquat|MCP helper typosquat (SANDWORM_MODE worm)
claudecode-ext|sandworm-typosquat|Claude Code extension typosquat (SANDWORM_MODE worm)
claude-dev-tools|sandworm-typosquat|Claude dev tools typosquat (SANDWORM_MODE worm)
cursor-mcp-bridge|sandworm-typosquat|Cursor MCP bridge typosquat (SANDWORM_MODE worm)
cursor-tools-ext|sandworm-typosquat|Cursor tools extension typosquat (SANDWORM_MODE worm)
mcp-server-utils|sandworm-typosquat|MCP server utils typosquat (SANDWORM_MODE worm)
mcp-tool-runner|sandworm-typosquat|MCP tool runner typosquat (SANDWORM_MODE worm)
mcp-proxy-server|sandworm-typosquat|MCP proxy server typosquat (SANDWORM_MODE worm)
windsurf-mcp-bridge|sandworm-typosquat|Windsurf MCP bridge typosquat (SANDWORM_MODE worm)
continue-mcp-ext|sandworm-typosquat|Continue MCP extension typosquat (SANDWORM_MODE worm)
vscode-ai-helper|sandworm-typosquat|VS Code AI helper typosquat (SANDWORM_MODE worm)
ai-code-review|sandworm-typosquat|AI code review typosquat (SANDWORM_MODE worm)
copilot-mcp-bridge|sandworm-typosquat|Copilot MCP bridge typosquat (SANDWORM_MODE worm)
openai-mcp-tools|sandworm-typosquat|OpenAI MCP tools typosquat (SANDWORM_MODE worm)
llm-gateway-utils|sandworm-typosquat|LLM gateway utils typosquat (SANDWORM_MODE worm)
agent-tool-sdk|sandworm-typosquat|Agent tool SDK typosquat (SANDWORM_MODE worm)

# Lazarus XPACK campaign patterns (Feb 4 2026)
bigmathutils|lazarus-npm|Lazarus RAT distribution via fake math library
graphalgo|lazarus-npm|Lazarus RAT distribution via fake algorithm library

# MCP rug pull patterns (Semgrep, Feb 2026)
postmark-mcp|mcp-rugpull|Malicious MCP server - BCC exfiltration after 15 clean versions

# DXT extension attack patterns (LayerX, Feb 2026)
# AI desktop extension lures exploiting zero-click calendar injection
dxt-calendar|dxt-lure|Desktop extension exploiting calendar event injection
dxt-auto-|dxt-lure|Desktop extension auto-* lures
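# The following is an added worked example, not part of this list or of any tool that consumes it.
# It parses the pattern|category|notes format, treats anchored (^...$) rules as exact-name hits and
# unanchored rules as substring hits, and lints the rules against known-good names so an over-broad
# regex is caught before it blocks a legitimate package. Case-insensitive matching and the
# block/review/allow verdicts are the example's own assumptions; the rule subset is constructed here.

```python
"""Matcher and linter for the pattern|category|notes blocklist format.

Added example, not code from the list's maintainers. Assumptions: names are
compared case-insensitively; a rule anchored at both ends is an exact-name
rule; any other rule is a substring rule (re.search), which is why short
lures such as `base-agent` or `phone-` can fire on unrelated names.
"""
import re
from dataclasses import dataclass

# Constructed subset in the same format as the list above (not the full list).
# The clawhub rule uses [0-9]+ so the legitimate bare name "clawhub" stays clean.
SAMPLE_RULES = """\
# ClawHub typosquats
^clawhub[0-9]+$|typosquat|clawhub followed by digits
^clawhubb$|typosquat|double-b
^clawhubb?-cli$|typosquat|CLI variant

# Crypto lures
solana-wallet|crypto-lure|solana wallet variants
base-agent|crypto-lure|Base chain bot

# YouTube lures
youtube-.*-pro$|youtube-lure|pro suffix pattern

# Known specific malicious skill names
^openclawcli$|malware-installer|Windows infostealer in password-protected ZIP

# SANDWORM_MODE worm package patterns
@anthropic/sdk-extra|sandworm-typosquat|Typosquat of @anthropic/sdk
"""


@dataclass(frozen=True)
class Rule:
    pattern: re.Pattern
    category: str
    notes: str
    anchored: bool  # True when the regex pins both ends of the name


def parse_rules(text: str) -> list[Rule]:
    """Parse pattern|category|notes lines; blank lines and # comments are skipped.

    The pattern field must not itself contain '|' (no rule in the list does);
    the notes field may, because the split is limited to two separators.
    """
    rules: list[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected pattern|category|notes")
        pat, cat, notes = (p.strip() for p in parts)
        anchored = pat.startswith("^") and pat.endswith("$")
        rules.append(Rule(re.compile(pat, re.IGNORECASE), cat, notes, anchored))
    return rules


def match_name(name: str, rules: list[Rule]) -> list[Rule]:
    """Every rule whose regex is found in the candidate name (anchors decide exact vs substring)."""
    return [r for r in rules if r.pattern.search(name)]


def verdict(name: str, rules: list[Rule]) -> str:
    """block on any exact-name hit, review on substring-only hits, allow otherwise."""
    hits = match_name(name, rules)
    if any(r.anchored for r in hits):
        return "block"
    return "review" if hits else "allow"


def lint_rules(rules: list[Rule], known_good: list[str]) -> list[tuple[str, str]]:
    """Return (name, regex) pairs where a rule fires on a name known to be legitimate.

    Run this whenever the list changes: it is how a rule like ^clawhub[0-9]*$
    (which also matches plain "clawhub") gets caught before deployment.
    """
    return [(n, r.pattern.pattern) for n in known_good for r in rules if r.pattern.search(n)]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for n in ["clawhub", "clawhub2", "clawhubb-cli", "solana-wallet-tracker",
              "my-youtube-summarizer-pro", "OpenClawCLI", "@anthropic/sdk-extra",
              "database-agent"]:  # last one shows the base-agent substring false positive
        print(f"{n:28} {verdict(n, rules):7} {[r.category for r in match_name(n, rules)]}")
    print("lint:", lint_rules(rules, ["clawhub", "openclaw"]))
```

# Note that exact package names recorded without anchors (the SANDWORM_MODE block above) only reach
# "review" under these verdicts; anchor them with ^ and $ if they are meant to be hard blocks.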
