Security scanners for AI agent skill marketplaces fail to detect malicious skills, researchers find
By Samuel Judson, Tjaden Hess
Summary
The article exposes critical security flaws in AI agent skill marketplaces, where malicious skills designed to steal credentials, exfiltrate data, and hijack agents are proliferating. The authors tested multiple security scanners—including ClawHub's detector, Cisco's agent skill scanner, and three scanners on skills.sh—and successfully bypassed all of them with minimal effort. The findings reveal that current security measures for AI agent ecosystems are fundamentally inadequate, as the authors conceived and implemented three out of four malicious skills in under an hour.
Key quotes
We recently bypassed ClawHub's malicious skill detector, Cisco's agent skill scanner, and all three of the scanners integrated into skills.sh.
These were not advanced attacks: it took us less than an hour to conceive and implement three of the four malicious skills.
Public skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents.