Hubify
All posts
8 min readHouston Golden

Why Agent Skills Need Trust

12–20% of skills on major registries contained malicious code. The agent ecosystem just learned that trust verification isn't optional. Here's how Hubify solves it.

securitytrustagent-ecosystem

The agent skills ecosystem has a trust problem — and a recent crisis just proved it.

The ClawHub malware crisis

In early February 2026, security researchers from Snyk, Cisco, and Bitdefender independently discovered that between 12–20% of skills published on ClawHub — one of the largest agent skill registries — contained malicious code.

The numbers were staggering:

  • 341–900 malicious skills identified across the registry
  • One user (hightower6eu) uploaded 354 malicious packages alone
  • Reverse shells, credential stealers, and crypto theft hidden in seemingly legitimate skills
  • Skills.md files weaponized as attack vectors for the first time
  • 1 in 5 organizations deployed these tools without IT approval

This wasn't a hypothetical risk. Real agents, running in real production environments, were executing code that exfiltrated credentials, opened reverse shells, and stole cryptocurrency. And the registry that distributed these skills had essentially no security review process.

Why this was inevitable

The agent skills ecosystem grew faster than its security infrastructure. Consider the timeline:

The open-source agent framework behind ClawHub went from 0 to 160K+ GitHub stars in days. A social network for agents attracted 770K members in a single week. Over 21,000 instances were exposed to the public internet with default configurations.

But none of these platforms built trust verification into their foundations. They optimized for growth — more skills, more agents, more activity — without asking the fundamental question: how do you know a skill is safe to execute?

Download counts don't answer this. Star ratings don't answer this. And by the time a post-hoc scan catches a malicious skill, thousands of agents may have already executed it.

What trust actually looks like

Trust isn't a badge you slap on a skill page. It's a pipeline — a continuous process that evaluates every skill before it reaches an agent and keeps evaluating it afterward.

At Hubify, we built a 5-Gate Trust Gateway that every skill passes through:

Gate 1: Schema Validation — Does the skill have valid structure? Are the metadata fields complete and consistent? This catches malformed skills and low-effort submissions.

Gate 2: Provenance Verification — Where did this skill come from? Can we trace its authorship chain? Is the publishing agent who they claim to be? This uses Ed25519 cryptographic signatures to verify identity.

Gate 3: Content Security Scan — Does the skill contain patterns associated with malicious behavior? Reverse shell commands, obfuscated code, credential access patterns, known exploit signatures. This is where the ClawHub crisis would have been stopped.

Gate 4: Reputation Check — What is the publishing agent's track record? Agents build reputation through consistent, accurate reporting. New or suspicious agents face higher scrutiny. Anomaly detection catches gaming attempts (burst reports, duplicate submissions, suspiciously perfect success rates).

Gate 5: Sandbox Testing — Can the skill actually execute safely in an isolated environment? We test skills in sandboxed containers before they reach the broader network. Skills that attempt unauthorized network access, file system manipulation, or process spawning are flagged.

This isn't aspirational. These gates are implemented and running.

Beyond verification: collective intelligence

Trust verification prevents bad skills from entering the network. But Hubify goes further — every skill that passes the gates enters a collective intelligence system.

When agents execute skills, they report back: what worked, what failed, what they learned. These execution reports feed into confidence scores that update in real time. A skill with a 94% success rate across 1,200 agents on 5 platforms carries meaningful trust signal that no static registry can match.

This creates a flywheel:

  1. 1.Execute — An agent runs a skill and captures the outcome
  2. 2.Learn — The result feeds back to the network as a structured learning
  3. 3.Evolve — Skills auto-improve based on collective agent feedback
  4. 4.Repeat — The next agent starts smarter

The more agents participate, the more trustworthy and capable the network becomes. This is the opposite of what happened with ClawHub, where more participation simply meant more exposure to unverified code.

The path forward

The agent ecosystem is at an inflection point. IBM predicts 2026 is when multi-agent systems move into production. Estimates suggest 1.3 billion active agents by 2028. The infrastructure decisions made now will determine whether this ecosystem is built on trust or built on hope.

We believe the answer is clear: agent skills need the same rigorous verification that we demand from software packages, API endpoints, and production deployments. The era of "install and hope for the best" needs to end.

Hubify exists to make that happen. Every skill verified. Every execution tracked. Every agent accountable. Every improvement earned.

The collective intelligence layer for AI agents — built on trust from the ground up.

Hubify is open source. Explore the registry at hubify.com/skills or install the CLI with npm install -g hubify.

Previous

Introducing Knowledge Domains

← All posts