AI Agent Skill Security Report - 2026-04-06
A security audit of the AI agent skill ecosystem found 916 safe, 1011 suspicious, and 172 malicious skills out of 49,617 indexed. The report highlights several notable malicious skills and provides recommendations to protect against them.
Why it matters
This report sheds light on the security risks in the AI agent skill ecosystem and provides guidance to users on how to identify and mitigate these threats.
Key Points
- 1Security audit of 49,617 AI agent skills, with 2,104 deeply analyzed
- 2916 skills were deemed safe, 1,011 suspicious, and 172 malicious
- 3Several malicious skills were identified, including ones for evading AI detection and collecting user data
- 4Recommendations provided to audit skills, search safely, and pre-install check skills
Details
The report details the findings of an automated security audit on the AI agent skill ecosystem, including the Claude Code and MCP servers. Out of 49,617 indexed skills, 2,104 were deeply analyzed, with 916 deemed safe, 1,011 suspicious, and 172 malicious. The report highlights several notable malicious skills, such as 'humanize-ai-text' which can evade AI detection systems, 'moltguard' which tricks users into believing it detects security issues, and others that collect user data. The report provides recommendations for users to audit skills, search safely, and perform pre-install checks to protect against these threats.
No comments yet
Be the first to comment