AI Agent Security • Use Case
Know what an AI agent skill doesbefore it touches your systems
AI agent skills read your files, run commands, and access credentials. One malicious skill can compromise your data and infrastructure — silently. Mondoo AI Skills Check is a free, agent-agnostic scanner that shows you exactly what a skill does before you install it, across any registry and any AI agent.
Why audit skills before use?
AI agent skills are powerful extensions that execute with full access to your system. A single malicious skill can compromise your data, credentials, and infrastructure.
Skills execute with your permissions
When you install an AI agent skill, it runs with your credentials and file system access. A malicious skill can read SSH keys, exfiltrate environment variables, or install persistence — all silently.
Prompt injection is invisible
Attackers embed hidden instructions using zero-width characters, Unicode steganography, or HTML comments. These are invisible to human review but parsed by the LLM. Only automated scanning catches them.
Supply chain attacks are growing
Skill registries are the new npm/PyPI for AI agents. Attackers publish skills that claim to be helpful but contain credential harvesters, reverse shells, or data exfiltration pipelines hidden in the code.
Agents act autonomously
Unlike traditional software, AI agents make decisions and take actions without step-by-step human approval. A compromised skill can convince an agent to bypass safety controls, escalate privileges, or execute unauthorized financial transactions.
The Threat Landscape
Agentic AI is shipping faster than anyone is securing it
These aren't theoretical risks. They're live campaigns targeting the layer between your developers' intent and the actions agents take on their behalf.
Researchers discovered them in the incident now known as ClawHavoc. No marketplace review caught them. They sat there, available for any developer to install with a single command.
MCP servers Trend Micro found exposed to the internet with zero authentication.
Google DeepMind's "AI Agent Traps" research identified: content injection, semantic manipulation, cognitive state poisoning, behavioral control, systemic attacks, and human-in-the-loop exploitation.
The share of organizations Cisco's State of AI Security 2026 report found are ready to secure agentic AI deployments.
Your AppSec stack has a blind spot shaped like an AI agent
Your developers install skills into Claude Code on Monday, extensions into Cursor on Tuesday, and plugins into Windsurf on Wednesday — pulling from ClawHub, Skills.sh, GitHub gists, internal mirrors, and whatever link a teammate drops in Slack.
- —SCA scanners don't understand SKILL.md files.
- —Registry-side scanning only covers one registry feeding one agent.
- —Every agent your team uses creates a different blind spot.
Registry-side scanning is a good first layer. But it runs on the registry's terms, at publish time, for the skills it hosts. That's a floor, not a ceiling. Your agent estate is heterogeneous. Your security layer needs to be too.
The Solution
Mondoo AI Skills Check: independent, agent-agnostic, free
Search any skill by name, registry, or PURL. See exactly what it claims to do, what it actually does, and where the risks are — before installation. Free. No subscription required.
Mondoo AI Skills Check detects prompt injection, credential theft, data exfiltration, agent impersonation, and 25+ threat types before they reach your agents. It's mapped to MITRE ATLAS and aligned to the OWASP LLM Top 10, so findings drop cleanly into the governance frameworks your security team already uses.
How It Works
Four core security layers. One CVSS-scored verdict.
Pattern Match
Identifies known malicious signatures, credential harvesting patterns, data exfiltration URLs, and behavioral indicators that match documented attack campaigns like ClawHavoc.
ML Classifier
Machine learning models trained on both malicious and benign skills score risk probability — catching novel threats that don't match known patterns.
Semantic Analysis
Reads the skill's description, instructions, and behavioral claims to detect contradictions, misleading language, and scope creep. A skill that claims to be "open-source" and "auditable" but ships with a proprietary backend license gets flagged.
Deep Inspection
Examines how the skill interacts with external services, what permissions it requests, whether it encourages reduced human oversight, and whether its actual behavior matches its stated purpose.
The output
A CVSS-scored assessment with detailed findings, each tagged by severity (Critical, High, Medium, Low) and category (behavioral_control, semantic_manipulation, systemic, human_in_the_loop, cognitive_state, description_mismatch). Every scanned skill includes SKILL.md integrity hashes (MD5, SHA-1, SHA-256, TLSH) for verification.
The difference between a description and the truth
Every AI Skills Check assessment includes a side-by-side breakdown of what a skill says it does versus what it actually does, based on deep code and configuration analysis.
Example — A flagged "business automation agent"
Helpful assistant for prospecting, email management, and content generation.
- •Monitored Gmail inboxes
- •Drafted and sent emails autonomously, without per-action approval
- •Posted to Twitter, TikTok, and LinkedIn on a schedule
- •Stored historical communication data to learn from past email patterns
- •Routed all traffic through a free-tier hosting service with no organizational trust signals
findings
or Critical
Without behavioral comparison, you'd just see a description that sounded productive.
That's the gap AI Skills Check closes.
Works across the agents and registries your team already uses
More integrations underway.
25+ threat types in total.
Built for the teams running agentic AI in production
CISOs & security leaders
Need a defensible answer to "how are we securing agentic AI?" across a multi-agent estate.
AppSec & platform security teams
Extending supply-chain controls to a layer SCA and SAST don't cover.
Developer productivity & platform engineering
Approving skills for internal use across Claude Code, Cursor, Windsurf, and custom agents.
GRC & compliance
Teams who need structured, CVSS-scored findings that map to MITRE ATLAS and OWASP LLM Top 10.
Incident responders
Investigating skill-based compromises with integrity hashes and a behavioral forensics trail.
What you get with Mondoo AI Skills Check
Free public scanner
Search any skill by name, registry, or PURL. No subscription.
Agent-agnostic coverage
Claude Code, Cursor, Windsurf, custom Anthropic SDK agents, MCP servers.
Registry-independent
ClawHub, Skills.sh, GitHub, and any PURL-identified source.
Leaderboard & Most Risky lists
Audit what your team is likely already using, ranked by popularity and risk.
Public assessment pages
Shareable, linkable risk reports with findings, integrity hashes, and behavioral analysis.
Framework alignment
MITRE ATLAS mapped, OWASP LLM Top 10 aligned, CVSS scored.
Enterprise assessment
Private-skill scanning, CI integration, and governance workflows for organizations with internal skill mirrors or proprietary skills.
Why Mondoo
The agentic vulnerability management platform
Mondoo has spent years helping 300+ organizations — including Fortune 50 companies — close the gap between finding vulnerabilities and actually fixing them. Customers using Mondoo have:
AI agent security is the next frontier of that mission. We're raising the floor on it for everyone — free, agent-agnostic, and available without a subscription — rather than gating it behind a paywall.
Teams are installing AI agent skills with very little visibility into how they actually behave or what they have access to. These skills can act on behalf of users, which raises the stakes significantly. We built AI Skills Check to close that gap, so organizations can see real risks before a skill even gets access to your systems — and for free.
Three ways to start securing your agent estate today
Scan a public skill — free.
Search by name, registry, or PURL at mondoo.com/ai-agent-security. No subscription required.
Scan NowAudit what your team is already using.
Browse the Most Popular leaderboard and the Most Risky list to see which widely-used skills carry the highest risk scores.
Explore SkillsAssess private or internal skills.
For organizations that need assessments on proprietary skills or want to integrate AI Skills Check into CI and governance workflows across every agent in their estate.
Get an AssessmentAI agent skills are infrastructure. Secure them like it.
They're the connective tissue between your developers' intent and the actions agents take on their behalf. Securing that layer isn't optional — it's the same category of problem as securing your container images, your IAM policies, or your software supply chain. And like those categories, it needs a unified control plane, not one gate per vendor.