SkillOrKill.dev | Spot Malicious Agent Skills

Agent Skill Incident Simulator

Malicious Skills: The New Supply Chain Threat

Attackers are already hiding malicious instructions in agent skills. Review realistic snippets and classify each one as SAFE or MALICIOUS before the timer expires.

Hidden installers • Privilege abuse • Command injection

5 rounds • timed decisions • instant feedback

How The Game Works

Classify each skill under pressure

  1. Inspect a real-looking skill snippet and installer flow.
  2. Choose SAFE or MALICIOUS before time runs out.
  3. Get instant scoring and explanation after every round.

Timed Rounds • Instant Feedback • Leaderboard

Recent Agent Skill Exploits

What happened in the wild

  • February 1, 2026: Koi reported ClawHavoc after auditing ClawHub skills and identifying 341 malicious skills.
  • February 16, 2026 update: the same report family expanded to 824 malicious skills as the marketplace grew.
  • February 2-4, 2026: Snyk documented an active clawhub/clawdhub1 malicious campaign using social engineering and skill-delivered reverse shell behavior.
  • Community PoC report: a public researcher thread described backdooring a ClawdHub skill by inflating trust signals and triggering real command execution (self-reported experiment).

Sources: Koi ClawHavoc research · Snyk clawdhub campaign analysis · theonejvo PoC thread on X
