Building a Security Scanner for AI Agent Marketplaces
The article discusses the discovery of malicious skills on the ClawHub marketplace, which led the author to build a security scanner to address the growing threat of malicious AI agents. It outlines the various types of attacks found, such as credential harvesting, data exfiltration, and destructive operations, and explains why existing security tools are not well-suited to detect these threats.
Why it matters
As AI agent marketplaces become more prevalent, the risk of malicious skills being distributed is a significant concern that requires new security approaches.
Key Points
- 112% of skills on the ClawHub marketplace were found to be malicious, distributing keyloggers and credential stealers
- 2Malicious skills often look legitimate but quietly execute harmful actions like reading SSH keys or exfiltrating data
- 3Traditional security scanners are not designed to detect these threats, as they focus on scanning code rather than the text-based instructions that define AI agent skills
Details
The article describes the growing problem of malicious AI agent skills, with 30 MCP (Multimodal Conversational Prompt) CVEs disclosed in the first two months of 2026 alone. These attacks include prompt injection, tool poisoning, command injection, and denial-of-wallet attacks that can amplify token consumption by 142.4x. The author categorizes the types of malicious skills into 10 groups, including credential harvesting, data exfiltration, prompt injection, destructive operations, and more. Existing security tools are not well-suited to detect these threats, as they focus on scanning code rather than the text-based instructions that define AI agent skills. The author built a custom security scanner to address this gap and protect users from the growing threat of malicious AI agents.
No comments yet
Be the first to comment