Snyk’s ToxicSkills research reveals 36% of AI agent skills contain security flaws, including 1,467 vulnerable skills and active malicious payloads targeting OpenClaw, Claude Code, and Cursor users.

Snyk's blog is a source of information and advice for developers looking to ensure the security of their software applications. From vulnerability management and secure coding practices to compliance standards and threat intelligence, it covers a wide range of topics relevant to software security. Through practical tips, case studies, and expert commentary, the blog empowers developers to identify and address security vulnerabilities in their code, helping them build and maintain secure software applications in today's threat landscape.

Snyk

Snyk's ToxicSkills research reveals critical security vulnerabilities in the AI Agent Skills ecosystem. Scanning 3,984 skills from ClawHub and skills.sh, researchers found 13.4% contain critical security issues and 36.82% have at least one security flaw. The study confirmed 76 malicious payloads designed for credential theft, backdoor installation, and data exfiltration, with 8 remaining publicly available. Attack techniques include external malware distribution, obfuscated data exfiltration, and security disablement. The research introduces an 8-category threat taxonomy and the open-source mcp-scan tool for detecting malicious patterns in agent skills that power OpenClaw, Claude Code, and Cursor.

Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise

The threat landscape: Agent Skills under attack

Our methodology: Building a threat taxonomy

The findings: 534 of Agent Skills with critical security issues

Attack techniques: How malicious skills operate

100% of confirmed malicious skills contain malicious code

Beyond malware: The "Insecure by Design" problem of agentic systems

How to defend against ToxicSkills and agent malware

Discover Every AI Component Hidden in Your Codebase