Security●●●Banger
SkillGuard – scan agent skills for prompt injection payloads
First open-source scanner for AI agent skill supply-chain attacks.
Solve My ProblemDark Horse
arabking
211mo ago
Back to browse
Skill or Kill – Can you spot the malicious AI agent skill?
by jfaganel99·Feb 25, 2026·3 points·1 comment
AI Analysis
●●SolidCrowd PleaserBig Brain
Gamified security training for AI agent skills, but it's pre-attack learning, not production defense.
Strengths
- •Reframes agent-skill security as a trainable, timed classification skill—makes real threat (hidden installers, privilege abuse) interactive and memorable.
- •Grounded in recent real exploits (ClawHavoc 341+ skills, Snyk clawdhub campaign, theonejvo PoC)—not hypothetical.
- •Leaderboard + instant feedback loop encourages repeated play and retention versus static docs.
Weaknesses
- •Game teaches classification, not mitigation—players learn to spot malicious skills but not how to defend systems against them.
- •Niche threat model (agent skills as supply chain vector) is emerging but not yet mainstream; audience limited to orgs already deploying agent frameworks.
Category
Target Audience
Security engineers, AI product teams, DevSecOps practitioners, enterprises deploying agent frameworks
Similar To
PicoCTF · PortSwigger Web Security Academy · OWASP Top 10
Similar Projects
Gaming●●Solid
Can you hack my agent, but in real-time with friends?
Hides AI secret, live multiplayer prompts race to uncover it through social competition.
Crowd Pleaser
arm32
103mo ago
Security●●Solid
SkillScan – Free API to detect malicious AI agent skill files
Detects credential theft patterns in AI skill files after ClaudHub attack proved the risk.
Solve My ProblemDark Horse
AutoPilotAI
303mo ago
Gaming●Mid
UK Car Bingo
Classic road trip game digitized, but manual tracking offers no advantage over paper.
Cozy
pattle
302mo ago
Security○Pass
ClawShield – Open-source firewall for agent-to-agent AI communication
This feels like the first serious attempt to treat agent-to-agent chatter as a network security problem: 16+ prompt-injection signatures (with recursive base64 decoding), AST static analysis of skills via acorn/estree, and sandboxed dynamic checks are concrete, non-trivial defenses. The repo shows real engineering (Docker, CI, security scans, 181 tests) — the missing piece is real-world performance and adoption, but if you run agent fleets this is worth poking at.
WizardryNiche Gem
Joe_DNAI
223mo ago
Security●●●Banger
RankClaw – AI-audited all 14,706 OpenClaw skills; 1,103 are malicious
Found 1,103 malicious skills (7.5%) that pattern matching missed; AI audit detects prompt injection in docs.
WizardryZero to OneShip It
do_anh_tu
213mo ago