The more actively the AI agent market develops, the more acute the question becomes: how secure are these agents? Not in a philosophical sense, but in a very practical one. What happens when thousands of developers publish ready-made “skills” for AI agents in open catalogs, and who even checks what's inside?
Alibaba Cloud decided to answer this question with concrete data. A team of researchers analyzed over 30,000 skills published on the ClawHub platform, a catalog where developers host ready-made modules to extend the capabilities of AI agents. The findings were alarming enough to be worth publishing.
What Is an AI Agent “Skill” and Why Does It Matter?
In short: a modern AI agent is not just a language model that answers questions. It is a system that can act: search the internet, manage files, send messages, and call external services. All of this is implemented through so-called skills – separate modules that connect to the agent and extend its functionality.
To put it simply, a skill for an AI agent is much like a browser plugin or a smartphone app. It's convenient and fast, but there's always a risk: what exactly is this module doing under the hood?
ClawHub is exactly that: a public catalog where thousands of developers publish ready-made skills that others can connect to their agents. The platform's scale makes it a good indicator of the state of security in this part of the AI ecosystem as a whole.
What They Found Inside
The researchers ran the full set of more than 30,000 skills through a security analysis system and obtained a fairly detailed picture of the threats involved.
The main conclusion: a significant portion of skills contain vulnerabilities or potentially dangerous behavioral patterns. And we're not just talking about simple mistakes – among the problems found are high-risk threats.
Among the most serious categories of threats, several areas stand out:
- Input injection: an attacker plants instructions in something the skill passes to the agent, whether a specially crafted request or a retrieved web page or document, and the agent acts on them as if they were the user's own commands. This is one of the most common attack vectors in AI agent ecosystems.
- Confidential data leaks: skills that could transmit sensitive information (files, tokens, conversation contents) to destinations the user never authorized.
- Insecure interaction with external services: a module calls third-party resources without proper authentication and without validating what comes back in the response, so the response itself becomes an unchecked input to the agent.
- Excessive permissions: skills that request more access rights than they need to function, which widens the damage if the skill is compromised or hijacked through injection.
It's worth noting: many of these problems are not the result of malicious intent. Most developers simply don't think about security in the context of AI agents the same way they would for a regular web application. This is a new environment with new rules – and the culture of secure development is only just beginning to form here.
Why Traditional Security Tools Aren't Enough
One of the key points of the study is that standard methods for code and security analysis are poorly suited for AI agent skills. And this isn't obvious at first glance.
The reason is that agent-based systems operate differently from traditional software. An agent makes decisions dynamically, based on conversation context, external data, and its internal state, and it decides at runtime which skill's output is fed into which other skill. A skill that appears safe in isolation can become dangerous in a specific chain of interactions: a skill that fetches web content and a skill that sends email are each harmless alone, but together they form a path from untrusted input to an outbound channel. A standard static code analyzer examines each module's code on its own and simply doesn't see such scenarios.
This means that protecting AI agent ecosystems requires specialized tools – ones that understand agent logic, can model call chains, and assess risks in the context of the system's specific behavior, rather than just scanning code for known vulnerability patterns.
As of today, such tools are few and far between; they are just beginning to emerge, and the Alibaba Cloud study is one of the signs that the industry is starting to recognize this problem.
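One way to make the chain problem concrete is a small taint analysis over skill manifests. The block below is an added example written for this article; it is not Alibaba Cloud's analysis system or any ClawHub tooling, and the skill catalog, the permission names, the taint labels and the rules are all hypothetical. Each skill declares which permissions it requests versus actually uses, whether its output carries untrusted or secret data, and which sensitive operations its input reaches; the analysis flags unused permissions per skill, then walks every possible chain of skills and reports where a taint meets a sink.

```python
"""Added example, not the Alibaba Cloud study's own tooling: a minimal cross-skill
taint analysis over hypothetical skill manifests. It shows why a skill that is
harmless on its own can become dangerous once the agent chains it with others."""
from dataclasses import dataclass
from itertools import permutations

# Taint labels attached to data that flows between skills (assumed vocabulary).
UNTRUSTED = "untrusted"   # content pulled from the open internet
SECRET = "secret"         # local files, credentials, private messages


@dataclass(frozen=True)
class Skill:
    """Hypothetical manifest: requested vs. used permissions, taint sources, sinks."""
    name: str
    declared: frozenset      # permissions the manifest asks for
    used: frozenset          # permissions the code actually exercises
    introduces: frozenset    # taint labels the skill's output adds (sources)
    sinks: frozenset         # dangerous operations its input reaches
    propagates: bool = True  # whether input taint flows into the output


# Constructed sample catalog (illustrative names, not real ClawHub skills).
CATALOG = [
    Skill("web_search", frozenset({"net:fetch"}), frozenset({"net:fetch"}),
          frozenset({UNTRUSTED}), frozenset()),
    Skill("read_notes", frozenset({"fs:read", "fs:write"}), frozenset({"fs:read"}),
          frozenset({SECRET}), frozenset()),
    Skill("summarize", frozenset(), frozenset(), frozenset(), frozenset()),
    Skill("send_email", frozenset({"net:send"}), frozenset({"net:send"}),
          frozenset(), frozenset({"external_send"}), propagates=False),
    Skill("run_script", frozenset({"shell:exec", "net:fetch"}), frozenset({"shell:exec"}),
          frozenset(), frozenset({"shell_exec"})),
]
BY_NAME = {s.name: s for s in CATALOG}

# (taint reaching sink) -> finding category, mirroring the categories in the study.
RULES = {
    (UNTRUSTED, "shell_exec"): "input injection",
    (SECRET, "external_send"): "confidential data leak",
    (UNTRUSTED, "external_send"): "untrusted content forwarded externally",
}


def excessive_permissions(skill):
    """Permissions declared in the manifest but never used by the code."""
    return sorted(skill.declared - skill.used)


def analyze_chain(chain):
    """Propagate taint along a chain; return (category, taint, sink, skill) findings."""
    taint, findings = set(), []
    for skill in chain:
        for label in sorted(taint):
            for sink in sorted(skill.sinks):
                if (label, sink) in RULES:
                    findings.append((RULES[(label, sink)], label, sink, skill.name))
        # Output carries the input taint (if propagated) plus what this skill introduces.
        taint = (taint if skill.propagates else set()) | set(skill.introduces)
    return findings


def find_dangerous_chains(catalog, max_len=3):
    """Enumerate chains up to max_len skills and keep those with at least one finding."""
    results = {}
    for n in range(1, max_len + 1):
        for chain in permutations(catalog, n):
            findings = analyze_chain(chain)
            if findings:
                results[" -> ".join(s.name for s in chain)] = findings
    return results


if __name__ == "__main__":
    for s in CATALOG:
        extra = excessive_permissions(s)
        print(f"{s.name}: alone -> {analyze_chain([s]) or 'no finding'}"
              f"{'; excessive permissions: ' + ', '.join(extra) if extra else ''}")
    for chain, findings in find_dangerous_chains(CATALOG).items():
        print(chain, "=>", "; ".join(f[0] for f in findings))
```

Run skill by skill, none of the five produces a finding, which is all a per-module scanner would tell you. Across chains, `web_search -> run_script` is an injection path and `read_notes -> summarize -> send_email` is a leak path, and `web_search -> read_notes -> send_email` is both at once. In a real analyzer the `used` set would have to be derived from the skill's code rather than hand-written, and the chain enumeration replaced by the agent's actual routing logic.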
Scale Matters
30,000 skills is not a small sample. It's a cross-section of the real market, where agent-based systems are already operating in a wide range of fields: from document assistants to business process automation tools.
It's important to understand the context: the market for AI agents is growing very quickly.