Agent-Skills Is the Audited Counter to ClawHavoc
GitHub Trending #3 today. Plus 923 stars in 24 hours, 3.5k total. The premise sits at the top of the README in one number: 13.4 percent of agent skills in open marketplaces contain critical vulnerabilities. tech-leads-club/agent-skills positions itself as the hardened, audited counter-registry.
You need February's backstory. The ClawHavoc incident dropped 341 malicious skills on the ClawHub platform. That moment crystallized something the agent ecosystem had been sliding into without noticing: installing a skill is the same threat surface as installing an npm package, but worse, because skills ship inside agents with file, network, and exec privileges by default. The arXiv paper 2605.11418, Under the Hood of SKILL.md: Semantic Supply-chain Attacks on AI Agent Skill Registry, formalizes the threat model. A New Stack audit of 22,511 public skills across skills.sh, ClawHub, GitHub, and Tessl is what produced the 13.4 percent figure.
What Agent-Skills actually delivers. One hundred percent open source, no binaries allowed. Static analysis in CI/CD on every skill before it merges. Immutable integrity via lockfiles and content hashing. Human-curated prompts. Supports Antigravity, Claude Code, Cursor, Copilot, Cline out of the box. CLI installer with interactive wizards. MCP server integration. Content caching and audit logging baked in.
This is the SBOM equivalent moment for the skills ecosystem. Once you have seen a supply-chain attack, you start asking who vouches for the code. Antigravity, Cursor, Claude Code will all eventually converge on something like this. Validated registries with provenance, signed manifests, content-addressed delivery. The OWASP Agentic Skills Top 10 is already in draft. The first registry that nails the trust story owns the developer flow.
https://github.com/tech-leads-club/agent-skills
← Back to all articles
You need February's backstory. The ClawHavoc incident dropped 341 malicious skills on the ClawHub platform. That moment crystallized something the agent ecosystem had been sliding into without noticing: installing a skill is the same threat surface as installing an npm package, but worse, because skills ship inside agents with file, network, and exec privileges by default. The arXiv paper 2605.11418, Under the Hood of SKILL.md: Semantic Supply-chain Attacks on AI Agent Skill Registry, formalizes the threat model. A New Stack audit of 22,511 public skills across skills.sh, ClawHub, GitHub, and Tessl is what produced the 13.4 percent figure.
What Agent-Skills actually delivers. One hundred percent open source, no binaries allowed. Static analysis in CI/CD on every skill before it merges. Immutable integrity via lockfiles and content hashing. Human-curated prompts. Supports Antigravity, Claude Code, Cursor, Copilot, Cline out of the box. CLI installer with interactive wizards. MCP server integration. Content caching and audit logging baked in.
This is the SBOM equivalent moment for the skills ecosystem. Once you have seen a supply-chain attack, you start asking who vouches for the code. Antigravity, Cursor, Claude Code will all eventually converge on something like this. Validated registries with provenance, signed manifests, content-addressed delivery. The OWASP Agentic Skills Top 10 is already in draft. The first registry that nails the trust story owns the developer flow.
https://github.com/tech-leads-club/agent-skills
Comments