TrustSkills Blogs

Field notes for the AI agent security frontier

Every post on this page is written to support a security decision. We cite the reporting, standards, and vendor documentation we relied on so readers can validate the analysis themselves.

Compliance · 10 min read

EU AI Act and AI agent skills: what organizations need to know before August 2026

August 2 is not just another compliance date. It is when the European Commission gains the authority to issue fines for GPAI model violations — and the supply chain that includes your agent skills is in scope.

Sources: European Commission / EU Artificial Intelligence Act / Legiscope

Research brief · 7 min read

Data exfiltration in AI agent skills: how attackers steal credentials through ClawHub

The most damaging ClawHub attacks are not the flashy ones. They are the skills that quietly read your credentials and send them to an attacker-controlled server while appearing to do something useful.

Sources: AuthMind / VentureBeat / Waxell

Best practices · 6 min read

How to scan an AI agent skill for malware before you install it

Most users install ClawHub skills without reviewing the code. Here is a repeatable, five-minute process that catches the threats that visual review and star ratings miss.

Sources: Snyk / Palo Alto Networks Unit 42 / OWASP

Basic knowledge · 9 min read

What is MCP server security?

MCP servers extend what AI agents can do. That is also what makes them a security boundary. Understanding the threat surface is essential before you connect one to a model with real capabilities.

Sources: Cisco / Snyk / OWASP

Research brief · 8 min read

ClawHavoc explained: the supply chain attack that put 1,184 malicious skills on ClawHub

ClawHavoc placed over 1,000 malicious skills on the ClawHub marketplace in early 2026. Understanding the attack pattern is the first step to defending against the next campaign like it.

Sources: Palo Alto Networks Unit 42 / Snyk / AuthMind

Research brief · 6 min read

ClawJacked shows why localhost is not a security boundary

The ClawJacked disclosure is a strong reminder that a local gateway is still reachable from a malicious browser tab if the surrounding trust model is weak.

Sources: Oasis Security / OpenClaw Docs

Best practices · 8 min read

8 best practices before you install an AI agent skill

Installing an AI skill is not like installing a harmless theme. You are often extending a control plane that can read data, reach services, and trigger real actions on your behalf.

Sources: OWASP / Google / NIST

Basic knowledge · 7 min read

What is prompt injection?

Prompt injection is not just a clever string. It is any input that changes a model's behavior in a way the system designer did not intend, especially when the model can reach tools, data, and accounts.

Sources: OWASP / Microsoft Learn / OpenClaw Docs

Security news · 6 min read

The OpenClaw inbox incident is a security lesson, not a meme

The reported OpenClaw inbox wipe did not just expose model unreliability. It showed why approvals, identity separation, and destructive-action controls must live outside the prompt.

Sources: TechCrunch / Tom's Hardware / OWASP