OpenClaw and NVIDIA release security dataset for 67,000 agent skills

Jun 1, 2026

OpenClaw and NVIDIA released a security dataset covering 67,453 agent skills on ClawHub. It introduces NVIDIA SkillSpector, a scanner for agentic risk—hidden instructions or overbroad capabilities. Every skill now includes a Skill Card documenting verified provenance and scan results rather than publisher descriptions.

Dataset size: 67,453 skills
Malicious rate: 0.31%
Agentic risk rate: 48.71%
Max scanner agreement: 8.5%
Verification model: GPT-5.5

Data shows scanners rarely agree, matching on only 8.5% of risks. While malware is rare, nearly half of skills were flagged for agentic risk. This extends the NVIDIA NemoClaw initiative to move beyond code analysis toward semantic verification, catching risks that standard virus scanners miss.

Access the dataset on Hugging Face to benchmark security tools or audit agent deployments. This release fulfills the OpenClaw security roadmap for standardizing plugin provenance. The ClawScan pipeline, using GPT-5.5 to weigh signals, is now the default verification gate for all new skills published to the registry.

View the full update on openclaw.ai

OpenClaw🦞

@openclaw2d ago

In collaboration with @nvidia, we’re open-sourcing a dataset of security scans for 67,453 ClawHub skills on @huggingface: - NVIDIA SkillSpector flagged 1/2 for agentic risk - Only 0.31% were malicious - No two scanners agreed on more than 8.5% of risks https://t.co/ml624ExiLG

73602

View on X

Still wondering? A few quick answers below.

NVIDIA SkillSpector is a security scanner that uses AI-assisted semantic analysis to identify agentic risks in AI agent skills. Unlike traditional malware scanners, it detects hidden instructions, risky code paths, and mismatches between a skill's declared purpose and its actual behavior.

A Skill Card is a verified trust artifact that accompanies every skill on the ClawHub registry. It documents the skill's publisher, capabilities, and security scan results. These cards are generated by the ClawScan pipeline to ensure users have verified information before installing a skill.

ClawScan is a verification pipeline that acts as an LLM-as-judge. It takes inputs from three independent scanners—VirusTotal, static analysis, and NVIDIA SkillSpector—and uses GPT-5.5 to weigh the conflicting signals. It then produces a final verdict of Clean, Suspicious, or Malicious for each skill.

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Keep reading

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIA released a verification framework for agent skills that uses automated scanning and cryptographic signing to ensure AI instructions are safe and authentic. While previous security focused on isolating the agent's environment, this shift brings governance directly to the capabilities an agent learns and executes.

Tom DörrMar 26

ClawHub Is the Public Skill Registry for OpenClaw Agents

ClawHub is an open registry where developers publish, version, and discover reusable skill packs for OpenClaw agents. Skills are text-based SKILL.md packages searchable via vector embeddings and installable through a CLI. A companion registry at onlycrabs.ai handles agent system-lore files.

OpenClaw adds plugin approval hooks to secure autonomous AI tool calls

OpenClawMar 29

OpenClaw adds plugin approval hooks to secure autonomous AI tool calls

OpenClaw v2026.3.28 introduces plugin approval hooks that allow AI agents to pause for user permission before executing sensitive tool calls. The update also integrates the xAI Responses API with native web search and adds Agent Communication Protocol binds for Discord and iMessage. This shift toward human-in-the-loop controls addresses the growing need for safety and transparency in self-hosted autonomous systems.

Anthropic Cybersecurity Skills Library Maps 754 Capabilities to Five Frameworks

Nicolas KrassasApr 6

Anthropic Cybersecurity Skills Library Maps 754 Capabilities to Five Frameworks

The Anthropic-Cybersecurity-Skills library now aligns 754 modular AI agent capabilities with five major security frameworks, including new coverage for AI-specific threats and risk management. This update provides a standardized knowledge layer that allows autonomous agents to perform security tasks while remaining compliant with enterprise standards.

What is NVIDIA SkillSpector?

What is a ClawHub Skill Card?

How does ClawScan work?

Keep reading

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

ClawHub Is the Public Skill Registry for OpenClaw Agents

ClawHub Is the Public Skill Registry for OpenClaw Agents

OpenClaw adds plugin approval hooks to secure autonomous AI tool calls

OpenClaw adds plugin approval hooks to secure autonomous AI tool calls

Anthropic Cybersecurity Skills Library Maps 754 Capabilities to Five Frameworks

Anthropic Cybersecurity Skills Library Maps 754 Capabilities to Five Frameworks

Keep reading

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

ClawHub Is the Public Skill Registry for OpenClaw Agents

ClawHub Is the Public Skill Registry for OpenClaw Agents

OpenClaw adds plugin approval hooks to secure autonomous AI tool calls

OpenClaw adds plugin approval hooks to secure autonomous AI tool calls

Anthropic Cybersecurity Skills Library Maps 754 Capabilities to Five Frameworks

Anthropic Cybersecurity Skills Library Maps 754 Capabilities to Five Frameworks