53,577 Skills, 946 Threats: The First Large-Scale Security Audit of the AI Agent Ecosystem

Key Points

• The aim is to assess the security of AI agent skills using a comprehensive scan.
• Conducted a security scan on 53,577 skills across two platforms: OpenClaw and Skills.sh.
• Applied 108 detection rules to identify vulnerabilities in AI skills.
• Measured scan latency for efficiency evaluation.
• Flagged 946 skills as threats, representing 1.77% of the total examined.
• Categorized threats into 875 critical, 52 high, and 19 medium severity levels.
• Achieved a 0% false positive rate, ensuring high detection accuracy.

Abstract