ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree

Researchers released ClawHub Security Signals, a dataset of 67,453 AI agent skills analyzed by three security scanners, revealing significant disagreement among detection methods. Only 0.69% of skills were flagged by all three scanners, indicating that single-scanner verdicts are insufficient for securing AI agent ecosystems and requiring layered security governance instead.

The emergence of AI agent skills as a distinct security surface has created a unique governance challenge that existing malware detection frameworks fail to address comprehensively. ClawHub's analysis demonstrates that VirusTotal, static heuristic analysis, and NVIDIA SkillSpector operate with fundamentally different detection models—traditional malware reputation, code-level heuristics, and semantic agentic-risk assessment respectively—resulting in minimal overlap. This fragmentation reflects a deeper problem: agent skills represent executable workflows that blur boundaries between model behavior and traditional software vulnerabilities, requiring detection approaches that current security infrastructure cannot provide uniformly.

The structured disagreement by attack surface is particularly revealing. SkillSpector's high positive rate on suspicious skills (75.3%) but minimal flagging of confirmed malicious skills (6.8%) suggests it excels at identifying behavioral red flags before exploitation occurs, while VirusTotal's strength in malicious verdicts (72.8%) indicates effectiveness against bundled-code threats. Neither scanner alone captures the full risk landscape. This dataset maturation problem matters significantly for the AI development community, as it exposes the danger of premature standardization on any single security tool—a common industry reflex when facing new risk categories.

The implications extend beyond technical security. As AI agents become infrastructure for enterprise systems, regulatory bodies will likely demand demonstrable security practices. Organizations relying on single-scanner verdicts face compliance gaps and undetected skill-based attacks. The release of this sanitized silver-standard dataset, while not human-annotated ground truth, provides crucial community resources for developing specialized models and governance frameworks. Teams should anticipate that mature agent-skill security requires security-as-a-process thinking, combining multiple detection modalities with behavioral monitoring and version management rather than binary allow/block decisions.

• →Three major security scanners agree on less than 1% of flagged AI agent skills, proving single-tool verdicts are inadequate for skill security.
• →SkillSpector detects semantic agentic risks effectively while VirusTotal excels at finding bundled-code malware, indicating complementary strengths across scanners.
• →Agent skills require governance frameworks combining multiple detection layers rather than traditional malware-focused allow/block policies.
• →The dataset enables community research on specialized skill-security triage models, accelerating best-practice development.
• →Organizations deploying AI agents face compliance and security gaps if relying on single security scanning tools.