Insights on AI agent security, vulnerability research, tool poisoning, and keeping the ecosystem safe.
Northeastern researchers deployed 6 autonomous AI agents unsupervised. They leaked data, taught each other to bypass safety rules, and one tried to delete a mail server. The failure was always the skills.
Read the researchTrivy GitHub Action compromised 12,000+ projects by scraping API keys from memory. Cargo CVE-2026-33056 enables build-time code execution. Both hit AI skill developers this week. Here's what to do now.
Read the incident analysisOWASP just published the first security framework for AI agent tools — and the numbers are alarming: 84.2% tool poisoning success rate. This article maps each risk to what SkillShield detects.
Read the checklistIn February 2026, a developer installed a skill into their OpenClaw agent. Within two weeks, they discovered their API keys, service tokens, and browser cookies had been systematically exfiltrated.
Read the case studyDatabricks released DASF v3.0 on March 20, 2026 — adding 35 new agentic AI security risks and 6 new controls. Learn how SkillShield maps to the Databricks AI Security Framework.
Read the framework mappingAgentAudit found 35% of MCP packages have vulnerabilities. Compare SkillShield vs MCP-Shield to see which MCP security scanner fits your workflow.
Read the comparisonGravitee's 2026 survey of 900+ orgs: 88% had AI agent security incidents, but only 14.4% have approval gates. The confidence paradox, the supply chain vector, and how pre-deployment scanning closes the gap.
Read the researchThis guide walks through a practical audit of your installed agent skills using the OWASP framework as the checklist, with SkillShield as the scanning layer for the categories it covers.
Read the guideThat's the finding from analysis of over 30,000 skills across major registries. 25% of the skills developers are installing — running with access to their file systems, API keys, and deve...
Read the researchIn February 2026, security researchers at Koi Security identified a coordinated malware campaign targeting OpenClaw developers through ClawHub, the primary skill marketplace. The campaign...
Read the researchIn early 2026, OWASP launched the Agent Security Initiative (ASI) — the first comprehensive security standard for AI agent systems. ASI04 specifically addresses agent tool and skill secur...
Read the guideOWASP released the Top 10 for Agentic Applications in late 2025, and it's already the canonical reference for AI agent security. Developed by 100+ industry experts, researchers, and pract...
Read the researchIn March 2026, the Model Context Protocol (MCP) ecosystem experienced what security researchers are calling a "CVE burst" — a cluster of related security vulnerabilities disclosed within...
Read the guideCVE-2026-25253 isn't a subtle misconfiguration. It's a CVSS 9.6 — critical — remote code execution vulnerability that allows an attacker to take over an AI agent runtime via WebSocket bef...
Read the guideKrebs on Security documented CurXecute: a malicious MCP server instructed Cursor AI to execute arbitrary shell commands without user approval. Here's why pre-execution scanning is essential.
Read the analysisOpenAI's Agents SDK guardrails have specific coverage boundaries. Learn what they handle, where the gaps are, and why tool-level review is still essential for production security.
Read the analysisIn February 2026, Snyk scanned 3,984 skills on ClawHub and found 36% contain security flaws — 76 confirmed malicious payloads still active. Here's what ToxicSkills means for OpenClaw users, and why static scanners miss 60% of the risk.
Read the researchClaude Code is one of the most capable AI coding agents available. It can read files, execute commands, query databases, and interact with APIs. But with that power comes risk — especiall...
Read the guidePractical guide to agent-scoped MCP isolation: implement strict tool boundaries, subagent-only access, and predictable scope propagation in Claude Code and OpenAI Agents.
Read the guideIntegrate SkillShield into GitHub Actions, GitLab CI, and containerized workflows. Block merges on high-severity findings and automate skill security scanning.
Read the guideWhen you authenticate to a service via an MCP server, who exactly is making that request?
Read the researchContainer isolation protects the host from the agent. Skill scanning protects the agent from the skill. Learn why production AI agents need both security layers.
Read the analysisYou install an MCP server from npm. The code looks clean — no suspicious network calls, passes npm audit, the tool definitions look standard. You run it. Your AI agent behaves unexpectedl...
Read the guideBefore installing any AI agent skill from GitHub, run through this checklist. It takes 2 minutes and could save you hours of security cleanup. ## ☐ 1. Check the Author
Read the guideClaude Code, GitHub Copilot, and OpenAI Codex all use the same portable skill format: SKILL.md. Anyone can create one. Anyone can publish it to GitHub. And anyone can install it.
Read the guideHard-coded API keys in MCP skill definitions are one of the most common and least visible security issues in AI agent deployments. Here's how SkillShield finds what git scanners miss.
Read the guideSkillShield and sandboxing tools like Agent Safehouse solve different AI agent security problems. A practical FAQ on threat models, implementation order, integration, and risk scoring.
Read the guideOpenClaw skills can exfiltrate data, harvest credentials, and escalate privileges — before you ever notice. This guide shows how to integrate SkillShield into your OpenClaw workflow with pre-install hooks, CI/CD pipelines, and batch audits.
Read the guideallowed-tools (or ## Tools in SKILL.md format) is the permission boundary that defines what an AI agent skill is allowed to do.
Read the guideAI agents can fail in 11 distinct, documented ways. Here's every attack type — from prompt injection to cross-agent propagation — with the research behind each one and what you can do about it.
Read the guideSeven MCP security scanners now compete to protect AI agent skills. We compare SkillShield, Vett, Aguara, Tork-scan, armor1.ai, Snyk Agent Scan, and JadeGate — coverage, methods, and which to use.
Read the analysisIndirect PII extraction is one of the hardest AI agent security problems to catch. Here's how attackers pull private data out of agents without ever asking for it directly — and what you can actually do about it.
Read the analysisFilesystem sandboxing constrains what an AI agent can access. Skill vetting constrains what it will run. These are different threat models — here's why production agents need both.
Read the analysisCross-agent propagation is what happens when a single compromised skill infects other agents in your stack without ever touching the chat layer. Here's how it works, why it's worse than prompt injection, and what you can actually do about it.
Read the analysisIdentity spoofing in AI agents happens when one agent impersonates another to gain elevated permissions or extract data. Here's how it works and why it's hard to detect.
Read the analysisA 38-author paper used OpenClaw to red-team live AI agents for two weeks. Here are the 11 AI agent security vulnerabilities it exposed — and which ones SkillShield can test today.
Read the analysisAgentSeal tests your agent's runtime behavior. SkillShield scans what your agent installs. Here's why you need both — and what each one actually catches.
Read the analysisRunning a scan doesn't make AI agent skills safe. Here's why point-in-time checks fail — and what continuous ai agent skill security monitoring actually requires.
Read the analysisAn independent OWASP Agentic audit of the OpenClaw ecosystem found 2,200 malicious skills and 9 CVEs. Static scanning caught 35 issues per skill. Runtime is where the real risk lives.
Read the analysisA malicious tool response can silently redirect an AI agent's actions — exfiltrating data, triggering unintended calls, or corrupting entire reasoning chains. Here's how tool poisoning works and what to log.
Read the analysisMalicious MCP servers are hiding in unofficial registries. Here's the supply chain risk surface plugin marketplace operators need to address now.
Read the analysisLearn how to vet AI skills before installing them. Our AI skill security checklist stops malicious plugins. Protect your agent from 12% malicious rate.
Read the guideOWASP AI security framework for agents explained. Discover the top 10 AI agent vulnerabilities with real-world examples. Protect your systems today.
Read the analysisReal prompt injection examples from Moltbook and ClawHub. AI security threats target agents at scale. Learn detection tactics and protect your system now.
Read the analysisClawHub security exposed: 32.6% CRITICAL risk rate. AI marketplace vulnerabilities include credential theft and zero vetting. Scan your skills now.
Read the analysis386 fake crypto skills. One C2 server. 7,000+ downloads before anyone noticed. Inside the largest malicious AI skill campaign found on ClawHub — and what to look for.
Read the analysisWe ran an AI skill security scan on 1,676 agent skills—12% were malicious AI skills. 461 scored CRITICAL. Scan your skills before they scan you.
Read the analysisOur AI skill scanner found 461 critical threats before Meller's report. SkillShield review confirms: 12% of AI skills are malicious. Scan yours now.
Read the analysis