ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree

2026-05-31 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Data Science & Analytics · Depth: Advanced, quick

Summary

ClawHub Security Signals is a newly released, sanitized dataset comprising 67,453 public OpenClaw skill versions, designed to study security boundaries for AI agent skills. The dataset pairs redacted SKILL.md content and bundled files with a ClawScan registry verdict and evidence from three scanner families: VirusTotal, static heuristic analysis, and NVIDIA SkillSpector. Analysis reveals significant disagreement among these scanners regarding skill security. Any pair of scanners overlaps on at most 10.4% of their combined positives, only 0.69% of skills are flagged by all three, and 81.9% of flagged skills are identified by a single scanner. This disagreement is structured by attack surface; SkillSpector flags 75.3% of 25,504 suspicious rows but only 6.8% of 206 malicious ones, while VirusTotal identifies 72.8% of 206 malicious rows, consistent with bundled-code malware. The corpus is a silver-standard dataset, intended to support further research into layered agent-skill security.

Key takeaway

For AI Security Engineers evaluating agent skill trustworthiness, relying on a single scanner like VirusTotal or SkillSpector is insufficient. You must implement a layered security approach, recognizing that different scanners detect distinct attack surfaces. Your security strategy should integrate multiple detection methods to cover both traditional malware in bundled code and semantic agentic risks, rather than making allow/block decisions based on isolated signals.

Key insights

AI agent skill security requires layered governance due to significant scanner disagreement across attack surfaces.

Principles

• Single security scanners are insufficient for agent skills.
• Scanner disagreement is structured by attack surface.
• Semantic risk differs from traditional malware detection.

Method

ClawHub Security Signals dataset was created by pairing redacted SKILL.md content and bundled files with ClawScan verdicts and evidence from VirusTotal, static analysis, and NVIDIA SkillSpector.

In practice

• Use ClawHub dataset for skill-security triage model development.
• Implement layered security for AI agent skills.
• Differentiate semantic agentic risk from malware detection.

Topics

• AI Agent Skills
• ClawHub Dataset
• Security Scanners
• VirusTotal
• SkillSpector
• Static Code Analysis

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Security Engineer, AI Scientist, MLOps Engineer

Related on AIssential

• Trump administration to ask US AI firms to voluntarily submit models for cybersecurity tests — The U.S. government seeks voluntary AI model cybersecurity testing from firms like OpenAI and Google via CAISI.
• Anthropic scales Project Glasswing to 150 partners across 15 countries to hunt critical software flaws — AI models like Claude Mythos can rapidly identify critical software vulnerabilities, posing both defensive and offensive capabilities.
• Your JWT Is Lying to You - The Authorization Problem Nobody Solves Correctly — JWTs alone are insufficient for dynamic, fine-grained authorization; external policy engines are essential for scalable security.
• Hackers hijacked high-profile Instagram accounts by simply asking Meta's AI chatbot to change the email — Meta's AI support chatbot was exploited via prompt injection to hijack Instagram accounts, bypassing 2FA and automated identity checks.
• Chrome stops hackers from stealing your browser cookies now - how its new security feature works — Device Bound Session Credentials (DBSC) cryptographically ties browser cookies to a device's security chip, preventing their use if stolen.
• Reference your own AWS Secrets Manager secrets in Amazon Bedrock AgentCore Identity — Amazon Bedrock AgentCore Identity now allows referencing existing AWS Secrets Manager secrets for enhanced credential governance.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.