[HUGGINGFACE]score: 0.55

67K AI Agent Skills Dataset Reveals Low Scanner Agreement on Malicious Skills

May 31, 2026

ClawHub Security Signals covers 67,453 public OpenClaw skill versions and finds that VirusTotal, static heuristics, and NVIDIA SkillSpector overlap on at most 10.4% of combined positives, with only 0.69% flagged by all three and 81.9% of flagged skills caught by exactly one scanner.

paper

HOW THIS AFFECTS YOU

●

builderYou cannot rely on any single scanner to catch malicious agent skills — the low overlap means a defense-in-depth approach across multiple scanner families is necessary for skill marketplaces or agent platforms.

●

policyThe near-zero consensus among established scanners on a large real-world skill corpus signals that current security tooling is inadequate for the emerging agent skill supply chain.

SOURCE

https://huggingface.co/papers/2606.01494

← back to feed