HarmfulSkillBench: How Do Harmful Skills Weaponize Your Agents?

· Source: cs.AI updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Expert, extended

Summary

A large-scale measurement study, "HarmfulSkillBench," analyzed 98,440 skills across two major agent registries, ClawHub and Skills.Rest, revealing that 4.93% (4,858) are harmful. ClawHub showed an 8.84% harmful rate, significantly higher than Skills.Rest's 3.49%. Researchers developed an LLM-driven scoring system based on a 21-category harmful skill taxonomy, achieving an F1 score of 0.82. The study found that harmful skills, particularly those related to cyber attacks, privacy violations, fraud, and unsupervised financial advice, receive comparable or higher median downloads than non-harmful skills. A new benchmark, HarmfulSkillBench, comprising 200 harmful skills across 20 categories, was constructed to evaluate agent safety. Evaluation of six LLMs on this benchmark demonstrated that presenting a harmful task through a pre-installed skill substantially lowers refusal rates, increasing the average harm score from 0.27 (without skill) to 0.47 (with skill and explicit task), and further to 0.76 when the harmful intent is implicit.

Key takeaway

For CTOs and VPs of Engineering overseeing LLM agent deployments, you must recognize that pre-installed skills can bypass agent safety filters, even for explicitly harmful tasks. Prioritize integrating robust content-level policy compliance checks into your skill registry pipelines and ensure your LLM agents are aligned to proactively refuse Tier 1 prohibited actions and default to Human-in-The-Loop review and AI disclosure for Tier 2 high-risk scenarios, rather than relying solely on user instructions.

Key insights

Pre-installed harmful skills significantly reduce LLM agent refusal rates, especially when harmful intent is implicit.

Principles

Method

An LLM-driven scoring system, using GPT-5.4-Mini, identifies harmful skills based on a 21-category taxonomy. HarmfulSkillBench evaluates agent safety by varying skill presence and task explicitness.

In practice

Topics

Code references

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Scientist, AI Security Engineer, Director of AI/ML

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.AI updates on arXiv.org.