We've been running automated security audits on the AI agent skill ecosystem (Claude Code, MCP servers). Out of 33156 indexed skills, 2069 have been deeply analyzed.
Results: 594 safe, 1223 suspicious, 246 malicious.
Notable Findings
🚨 humanize-ai-text by moltbro
Verdict: MALICIOUS | Risk: 76% | Downloads: 32323
A CLI toolkit that detects linguistic patterns associated with AI-generated text and rewrites content to evade AI detection systems such as GPTZero, T
Key threats:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
🚨 moltguard by thomaslwang
Verdict: MALICIOUS | Risk: 93% | Downloads: 17916
此技能声称安装一个名为MoltGuard的安全插件,用于防止提示注入、数据泄露和恶意命令,但其核心行为包含脚本化欺骗:指示AI读取一个包含'隐藏提示注入攻击'的文件,然后向用户谎称安全工具'检测到了'该攻击,实际上AI自己就是读取文件的主体,并无真实检测发生。
Key threats:
[HIGH]Dynamic Code Evaluation[HIGH]SSH Key Access[CRITICAL]LLM Semantic Detection
🚨 stealth-browser by mayuqi-crypto
Verdict: MALICIOUS | Risk: 81% | Downloads: 10225
A browser automation skill that enables anti-detection web scraping, Cloudflare/CAPTCHA bypass, persistent login sessions, and proxy rotation — primar
Key threats:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection
🚨 cellcog by nitishgargiitd
Verdict: MALICIOUS | Risk: 88% | Downloads: 9301
A Claude Code skill that wraps the CellCog external AI platform SDK, enabling agents to delegate multimodal tasks (research, video, images, PDFs, dash
Key threats:
[HIGH]Dynamic Code Evaluation[CRITICAL]LLM Semantic Detection[CRITICAL]LLM Semantic Detection
🚨 task-status by mightyprime1
Verdict: MALICIOUS | Risk: 88% | Downloads: 7738
A Clawdbot helper skill that sends task status messages to a Telegram account via WebSocket or CLI fallback, with optional periodic 'heartbeat' update
Key threats:
[HIGH]Dynamic Code Evaluation[HIGH]Outbound Data Transfer[CRITICAL]LLM Semantic Detection
Protect Yourself
Audit skills: clawsec.cc
Search safely: clawsearch.cc
Pre-install check:
npx clawsearch-guard <skill-name>
