Technical Report: Exploring the Emerging Threats of the Agent Skill Ecosystem

We analyzed 3,984 AI agent skills from major marketplaces and found 76 confirmed malicious payloads, including credential theft, backdoor installation, and data exfiltration. 13.4% of all skills contain at least one critical-level security issue and at least 8 manually confirmed malicious skills...

Toward Securing AI Agents like Operating Systems

Autonomous agents based on large language models LLMs are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic...

security-skills

Security Skills Security Skills is a Hermes Agent skill pack...

PT-2026-39742

CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

MAL-2026-2663 Malicious code in tether-wrk-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e816f71a9a4581a5adacb19f57871ba8a9118bb980fbcb97c74d6b601a7e517f The package tether-wrk-base was found to contain malicious code. Source: ghsa-malware dd91537dad139a68aee6f4c63c4f9afb6bd315f2d76ee0e8e998dde7a421ef4...

SkillCyberPunk

Security Vulnerability Scanner A Claude Code plugin that auto...

H4C-WEB

H4C-WEB !/bin/bash =======================================...

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

Security of Binary-Modulated Optical Key Distribution against Quantum-Enhanced Coherent Eavesdropping

Optical key distribution OKD protects the physical layer of communication links by taking advantage of the inherent noise present in the photodetection process. It allows for efficient generation of a shared random key between two distant users which can subsequently be used for cryptographic...

Systematic Security Analysis of the Iridium Satellite Radio Link

The Iridium Low Earth Orbit LEO satellite constellation remains a unique provider of global communications for critical industries, governments, and private users, serving over 2.5 million active subscribers despite recent market competition. In contrast to terrestrial wireless standards such as...

Don't Let the Claw Grip Your Hand: A Security Analysis and Defense Framework for OpenClaw

Code agents powered by large language models can execute shell commands on behalf of users, introducing severe security vulnerabilities. This paper presents a two-phase security analysis of the OpenClaw platform. As an open-source AI agent framework that operates locally, OpenClaw can be integrat...

CISOs in a Pinch: A Security Analysis of OpenClaw

Learn about OpenClaw a sovereign agent and how this can be viable for enterprises...

CISOs in a Pinch: A Security Analysis of OpenClaw

Learn how Claude Code Security set Cybersecurity stocks on fire...

SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs

Revisions Revision Date| Description ---|--- 2026-02-23| Initial publication...

Drawing the LINE: Cryptographic Analysis and Security Improvements for the LINE E2EE Protocol

LINE has emerged as one of the most popular communication platforms in many East Asian countries, including Thailand and Japan, with millions of active users. Therefore, it is essential to understand its security guarantees. In this work, we present the first provable security analysis of the LIN...

securiclaw

🦞 Securiclaw AI-Powered Code Security Scanner Securiclaw...

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

Backdoor Attacks on Contrastive Continual Learning for IoT Systems

The Internet of Things IoT systems increasingly depend on continual learning to adapt to non-stationary environments. These environments can include factors such as sensor drift, changing user behavior, device aging, and adversarial dynamics. Contrastive continual learning CCL combines contrastiv...

Exploit for Incorrect Authorization in Qualcomm Aqt1000_Firmware

exploit my rework runnigga go fuck yourself scriptkid. this o...