TrustSkills
BlogCompareGlossaryDetections

Definition

Agent skill

A packaged set of instructions, tool definitions, and capability declarations that extends what an AI agent can do. Skills are distributed through marketplaces like ClawHub and installed into agent runtimes like OpenClaw. Because skills execute with the permissions of the agent, a malicious or poorly written skill can cause the agent to exfiltrate data, contact attacker-controlled servers, or take destructive actions.

Related terms

OpenClaw

An agentic AI platform that allows users to build, install, and run AI agents that can use skills fr

ClawHub

The official marketplace for OpenClaw agent skills. Skills are published by third-party authors and

Supply chain attack

An attack that compromises software or services upstream of the target organization, so the maliciou

Deep dive

Best practices

8 best practices before you install an AI agent skill

Installing an AI skill is not like installing a harmless theme. You are often extending a control plane that can read data, reach services, and trigger real actions on your behalf.

Scan a skill before you install it

TrustSkills detects the threats described in this glossary before you install a ClawHub skill. Free. No account required.

Run a free scan