1
    πŸ•΅οΈ Confusable Handle Detector

    πŸ•΅οΈ Confusable Handle Detector

    by JustHandled Labs

    Flag the hidden and look-alike characters lurking in a handle or brand string. Catches zero-width characters, mixed-script look-alikes (a Cyrillic "Π°" passing as a Latin "a"), right-to-left and bidi override characters, unexpected non-ASCII, and stacked combining marks. These are the spoofing tricks and display bugs you cannot catch by reading.

    Updated Jun 2026
    Security scanned
    Cursor

    $5

    Β· or 25 credits

    30-day refund guarantee

    Secure checkout via Stripe

    Included in download

    • Identify homoglyph-based brand impersonation attempts
    • Audit registration lists for hidden zero-width characters
    • terminal, file_read automation included
    • Ready for Cursor
    • Instant install

    Sample input

    Check if the handle "pΠ°ypal" is spoofed or contains any suspicious characters.

    Sample output

    Findings: [HIGH]

    • Rule: homoglyph-detected (ID: CH04)
    • Evidence: 'Π°' (U+0430) is Cyrillic Small Letter A, visually identical to Latin 'a'.

    Remediation

    Flag as high-risk spoofing attempt. Recommend blocking handle registration to prevent brand impersonation.

    About This Skill

    High-Stakes Handle Security

    In an era of sophisticated social engineering, a username that looks like "apple" might actually contain a Cyrillic "Π°" or a hidden zero-width joiner. The Confusable Handle Detector is a specialized security tool designed for developers, community managers, and security researchers to audit strings for Unicode-based spoofing attempts.

    What it does

    This skill performs deep inspections on handles, brand names, and text lists to identify:

    • Invisible Characters: Zero-width spaces and joiners that hide in plain sight.
    • Homoglyphs: Look-alike characters from different scripts (e.g., Latin 'o' vs. Greek 'ΞΏ').
    • Directional Overrides: RTL/LTR markers used to flip the display order of characters.
    • Mixed-Script Detection: Identifying suspicious script switching within a single word.

    Why use this skill

    Writing your own regex to catch every Unicode edge case is error-prone and time-consuming. This skill leverages a pre-built Python scanner and a curated reference library to provide instant, structured auditing. It moves beyond simple "Is this valid?" checks to "Is this deceptive?", providing actionable remediation snippets that help you explain risks to users or stakeholders without sounding alarmist.

    The Output

    Each scan produces a detailed report covering the scope inspected, a categorized list of findings by severity, and specific remediation advice based on JustHandled Labs' audit checklist.

    Use Cases

    • Identify homoglyph-based brand impersonation attempts
    • Audit registration lists for hidden zero-width characters
    • Detect malicious Right-to-Left (RTL) character tricks in usernames
    • Validate brand name hygiene across global character sets

    Reviews

    No reviews yet - be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Read Files

    File Scopes

    confusable-handle-detector/**
    **/*.txt
    --handle <name>
    --stdin

    Read-only. Inspects each character against the Unicode database in the standard library. Reads no environment variables and writes nothing.

    Tags

    security
    unicode
    spoofing-detection
    brand-protection
    validation

    Works with any agent that can run a local Python script (Claude Code, Cursor, Codex CLI, and other SKILL.md-compatible agents). Standard library only (built on unicodedata), no install step. No network calls.

    Creator

    JustHandled Labs

    JustHandled Labs creates focused agent skills and workflow packs for Claude, Codex, Cursor, and AI-assisted builders. Each tool is designed around a real repeatable task: cleaner commits, better PRs, stronger handoffs, safer repo hygiene, clearer documentation, and less copy-paste chaos. The goal is not generic AI productivity. The goal is specific workflows that are easier to run, review, and repeat. Maintained by H.J. Westerfield, with a background in communications, editing, project coordination, customer support, and practical AI systems. JustHandled Labs builds tools for people who want useful automation without theatrical complexity.

    Frequently Asked Questions

    Learn More About AI Agent Skills

    More Premium Skills

    sast-configuration

    sast-configuration

    Automate the setup and optimization of Semgrep, SonarQube, and CodeQL for high-signal security testing.

    $103 installs

    designing-hybrid-context-layers

    Architects the right retrieval strategy for every query β€” teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.

    $1015 installs

    consumer-motivation-analyzer

    Go beyond surface-level feedback to uncover the psychological drivers and hidden motivations behind buyer behavior.

    $199 installs

    Bounty Security Pattern Master Library β€” 399 Vulnerability Patterns

    A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.

    $758 installs

    $5