Security Blog
Guides, threat analysis, and best practices for AI skill security
ClawHub Malicious Skills Exposed: How One User Uploaded 354 Fake Tools to Steal Your Credentials
ClawHub user hightower6eu uploaded 354 malicious skills disguised as crypto, finance, and productivity tools — accumulating nearly 7,000 downloads. We break down the attack and show how to detect these threats before installation.
security, clawhub, clawhavoc, malware
Published March 14, 2026 | SkillsSafe Team
How to Check If an AI Skill Is Safe: A 5-Step Guide
Before installing any AI agent skill, follow these 5 steps to verify it's safe. Covers credential theft detection, zero-width character checks, and automated scanning with SkillsSafe.
security, guide, openclaw, skill-audit
Published March 12, 2026 | SkillsSafe Team
Zero-Width Character Attacks: How Hidden Unicode Is Used to Hijack AI Agents
Zero-width characters are invisible to humans but readable by AI. Attackers use them to hide malicious instructions inside seemingly safe AI skill files. Here's how the attack works — and how to detect it.
security, zero-width, unicode, prompt-injection
Published March 12, 2026 | SkillsSafe Team