Technical Report: Exploring the Emerging Threats of the Agent Skill Ecosystem

Researchers identified 76 confirmed malicious AI agent skills across major marketplaces, with 13.4% of 3,984 analyzed skills containing critical security vulnerabilities. The findings highlight urgent risks as AI agents gain access to sensitive credentials and systems, with malicious payloads still publicly available on platforms like clawhub.ai.

The emergence of AI agent skill marketplaces represents a critical infrastructure gap in the rapidly expanding autonomous AI ecosystem. Unlike traditional software distribution, these platforms lack mature security vetting mechanisms, creating an attractive vector for attackers seeking to compromise systems through trusted integrations. The research reveals that malicious actors are actively exploiting this gap with credential theft, backdoor installation, and data exfiltration tactics—threats that become exponentially more dangerous as enterprises deploy AI agents with broad system access.

This security landscape mirrors the early challenges faced by mobile app stores and browser extensions, where rapid growth outpaced security infrastructure. However, the stakes are substantially higher with AI agents, as a compromised skill can provide attackers with legitimate access to databases, APIs, and internal systems. The 13.4% critical vulnerability rate suggests the problem is systemic rather than isolated, indicating platform operators have not implemented adequate review processes. The persistence of confirmed malicious skills on public marketplaces weeks after discovery demonstrates enforcement gaps.

For developers and enterprises, this creates a difficult calculus: AI agent automation offers significant productivity gains, but current marketplace security cannot guarantee safety. Organizations deploying AI agents face increased liability exposure and operational risk. Marketplace operators must urgently implement automated security analysis, manual code review, and real-time threat monitoring to remain viable. The research essentially establishes that manual security auditing, while resource-intensive, is now table stakes for maintaining trust in these platforms.

• →13.4% of analyzed AI agent skills contain critical-level security issues, indicating systemic marketplace vulnerabilities.
• →Malicious skills exploiting credential theft, backdoors, and data exfiltration remain publicly available on major platforms.
• →Rapid marketplace growth has outpaced security infrastructure, creating attractive attack surface for threat actors.
• →Enterprises deploying AI agents with system access now face elevated operational and liability risks.
• →Automated security analysis is essential for skill marketplaces to maintain platform integrity and user trust.