The Agent Skills Gold Rush Has a Malware Problem

Three weeks ago, ClawHub had roughly 2,800 skills in its registry. Today it has over 10,700. In that same window, security researchers found more than 800 malicious packages — approximately 20% of the entire registry — primarily delivering Atomic macOS Stealer. One user uploaded 354 malicious packages in what appears to have been an automated blitz. There was no static analysis. No code review. No signing requirement. Just an open door and a welcome mat. The Marketplace Explosion The skills marketplace isn't just ClawHub anymore. The landscape has fractured into a dozen competing registries, each with its own trade-offs between scale and safety: SkillsMP leads with 96,000+ skills and Claude Code compatibility — but zero security audit. MCP.so hosts 17,000+ MCP servers with universal compatibility. SkillHub offers 7,000+ with AI-based quality scoring (though scoring doesn't check security — a distinction worth noting). And Vercel just entered with Skills.sh, a shell-based ecosystem they