638. Skill Marketplace Security Review Mechanism
Basic Information
| Item | Details |
|---|---|
| Topic | AI Agent Skill Marketplace Security Review Mechanism |
| Platforms Involved | ClawHub, Skills.sh, SkillsMP, etc. |
| Key Event | ClawHavoc Incident (February 2026, 341 malicious skills) |
| Audit Scale | Mobb audited 22,511 skills, found 140,963 issues |
| Security Collaboration | OpenClaw + VirusTotal collaboration |
Product Description
The security review mechanism for AI agent skill marketplaces is a critical infrastructure ensuring the safety and trustworthiness of the skill ecosystem. With the explosive growth of the skill ecosystem in 2026 (from thousands to over 350,000), security issues became a focal point for the industry. Snyk research scanned 3,984 skills and found that 13.4% contained critical security issues, while Mobb audited 22,511 AI-coded skills and identified 140,963 security issues.
In February 2026, the "ClawHavoc" incident occurred on ClawHub—researchers discovered 341 malicious skills, including malware disguised as cryptocurrency tools. This incident prompted the collaboration between OpenClaw and VirusTotal and sparked industry discussions on skill security standards.
Core Security Issues
Identified Threat Types
- Malicious Skill Injection: SKILL.md files disguised as legitimate tools
- Prompt Injection Attacks: Instructions embedded in skill descriptions to manipulate AI agent behavior
- Excessive Permission Requests: Skills requesting more system permissions than necessary
- Data Leakage: Skills sending user data to external servers
- Supply Chain Attacks: Malicious versions of popular skills modified
- Covert Execution: Malicious behavior hidden in background hooks
Security Statistics
| Audit | Skill Count | Issue Count | Critical Issue Rate |
|---|---|---|---|
| Snyk Research | 3,984 | - | 13.4% |
| Mobb Audit | 22,511 | 140,963 | - |
| ClawHavoc Incident | - | 341 malicious skills | - |
| Full Year 2026 | - | 824+ malicious skills discovered | - |
Platform Security Mechanism Comparison
ClawHub / OpenClaw
- Publisher Threshold: GitHub account must be registered for over a week
- Community Reporting: Automatically hidden after 3+ independent reports
- VirusTotal Collaboration: Scan, hash, and Code Insight analysis for each skill release
- Automatic Review Results: Automatic approval, warning, or blocking
- Known Limitations: VirusTotal cannot capture natural language prompt injections
Skills.sh
- Vercel + Snyk Collaboration: Built-in security scanning
- Automated Code Analysis: Pre-release security checks
Alexa Skills Store
- Amazon Manual Review: Each skill must pass Amazon's review team
- Privacy Policy Requirement: Skills must provide a privacy policy
- Functionality Testing: Automated functionality verification
Apple App Intents
- App Store Review: Most stringent manual review
- Sandbox Execution: Apps run in a sandbox
- Privacy Nutrition Labels: Privacy label system
Industry Recommendations and Trends
Security Recommendations by Mobb
- Standardized Security Metadata: Skill security audit tools similar to npm audit
- Shared Vulnerability Database: Cross-registry security vulnerability sharing
- Trust Chain and Revocation Mechanism: Similar to Docker Content Trust
- Sandbox Execution: Skills should not automatically inherit all developer permissions
- Explicit Consent: Environment variables and MCP connections require user authorization
- Hook Visibility: Developers should see what runs in the background
AI Agent Gateway (2026 Enterprise Solution)
- Security gateway deployed between AI agents and tools
- Intercepts every tool call request
- Evaluates request risk based on enterprise policies
- Approves or blocks execution in real-time
Government Level
- In January 2026, the U.S. federal government issued a Request for Information (RFI) on AI agent security considerations
- NIST and other agencies began drafting AI agent security standards
Business Models
- Security scanning services (VirusTotal, Snyk, etc.)
- Enterprise-level AI agent gateway products (Gravitee, etc.)
- Security audits and compliance consulting
- Enterprise private skill repositories (with security reviews)
Target Users
- Skill marketplace operators: Need security review infrastructure
- Enterprise security teams: Assess and manage AI agent skill risks
- Skill developers: Ensure their skills pass security reviews
- Security researchers: Discover and report skill vulnerabilities
- Policymakers: Establish AI agent security standards
Relationship with OpenClaw Ecosystem
The security review mechanism is key to ClawHub gaining enterprise user trust. The collaboration between OpenClaw and VirusTotal is a significant step, but new attacks like natural language prompt injections remain challenges. The improvement of security mechanisms will directly impact ClawHub's skill quality and user trust, determining whether OpenClaw can transition from a developer tool to an enterprise-level platform.
Information Sources
External References
Learn more from these authoritative sources: