THREAT OPS › Threat News › The sorry state of skill distribution
The sorry state of skill distribution
<p>Public skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the security industry released skill scanners, a new family of tools designed to detect malicious skills before they’re installed. But we tested them, and they don’t work.</p> <p>We recently bypassed <a href="https://github.com/openclaw/clawhub/
MITRE ATT&CK techniques
Indicators of compromise
- c3c885ec10161ad35fbe78678ccc3f8c34e03ffdsha1
- e8c3947b21175669352bd88ab8f7b00df624ee56sha1
- 4e6907a33c3c0c9ce7c1836980546aaba78a34b5sha1
- 223949d5a074ebc3dce9ee78baad9e27md5
- http://skills.shurl
- http://claude.aiurl
- https://clawhub.ai/url
- https://vercel.com/changelog/automated-security-audits-now-available-for-skills-shurl
- https://openclaw.ai/blog/virustotal-partnershipurl
- https://www.npmjs.com/org/corpurl
- https://npm.internal-artifacts.corp.devurl
- https://npm.internal-artifacts.corp.dev`url
- https://npm.internal-artifacts.corp.dev\url
- https://arxiv.org/abs/2510.09023url
- https://agentskills.io/specificationurl
- https://support.claude.com/en/articles/13837440-use-plugins-in-cowork#h_185468bc83url