CertiK researchers warn that current AI agent marketplace safeguards are insufficient, highlighting how malicious “Skills” can bypass detection and execute harmful commands without stronger runtime protections.
CertiK researchers warn that current AI agent marketplace safeguards are insufficient, highlighting how malicious “Skills” can bypass detection and execute harmful commands without stronger runtime protections.
have raised concerns about the security of emerging AI agent ecosystems, arguing that current marketplace review systems are not sufficient to prevent malicious behavior. In a recent study, the team demonstrated how a compromised third-party “Skill” on the OpenClaw platform could bypass existing safeguards and execute arbitrary commands on a host system. The findings highlight structural weaknesses in how AI agent marketplaces vet and deploy external code. The research focused on the review process used by Clawhub, which includes static code analysis, checks via VirusTotal, and AI-based moderation tools.Crypto Market Review: XRP Ready to Run to $1.70, Ethereum Enters Bullish Mode, Is Shiba Inu Finally in Bull Market? According to CertiK, these mechanisms can be bypassed through relatively minor code modifications. By slightly altering logic or restructuring vulnerabilities, a malicious Skill can appear benign during installation while retaining the ability to execute harmful actions once deployed.This creates a false sense of security for users, as approval by marketplace review systems does not guarantee that a Skill is safe.The proof-of-concept attack underscores a wider issue affecting AI agent ecosystems: security models that rely heavily on pre-deployment review rather than runtime protection. Without safeguards such as sandboxing, strict permission controls, and runtime isolation, platforms are effectively placing too much responsibility on detection systems that were not designed to handle complex, evolving threats.The findings suggest that as AI agent marketplaces expand, the risk of malicious or compromised Skills entering production environments will increase. CertiK researchers argue that the industry must rethink its approach to securing AI agents by prioritizing runtime containment over detection. Instead of assuming that all malicious code can be identified before deployment, platforms should be designed with the expectation that some threats will inevitably bypass review processes. In this model, the focus shifts from preventing every breach to minimizing the potential damage caused by one. This represents a broader transition from a “perfect detection” mindset to one centered on damage containment and system resilience.To address these risks, CertiK outlines several measures for developers building AI agent platforms. Sandboxing should become the default execution model for third-party Skills, ensuring that external code runs in isolated environments rather than directly interacting with host systems. In addition, platforms should implement granular, per-Skill permission frameworks. Each Skill should explicitly declare the resources it needs, with the runtime enforcing those permissions during execution. This approach limits the potential impact of compromised or malicious components. The researchers also emphasize that third-party Skills should not inherit broad, implicit trust from the host system, as this significantly increases the risk of exploitation.For users, the report highlights an important limitation: a “benign” label within a marketplace does not equate to true security. It simply indicates that the existing review pipeline did not detect a threat. Until stronger runtime protections are widely adopted, platforms like OpenClaw may be better suited for lower-risk environments that do not involve sensitive data, credentials, or high-value assets. More broadly, the research points to a structural issue across AI ecosystems. While review processes can help identify obvious threats, they cannot serve as the primary defense mechanism for systems that execute third-party code with elevated privileges.Rather than relying on increasingly complex detection systems, developers must build environments that assume failure is possible and ensure that any breach is contained. This includes adopting stronger isolation techniques, enforcing strict permissions, and treating runtime security as the core protective layer. As AI-driven applications continue to grow in complexity and adoption, the ability to contain risks at runtime may become the defining factor in securing next-generation digital ecosystems.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Americans Warned of Kidnapping Risks From Iran-Aligned Militias in Iraq as Embassy Hit“Americans face a risk of kidnapping, and U.S. individuals have been directly targeted,“ the U.S. embassy in Baghdad warned.
Read more »
Recognizing 'red flags,' financial strategies for life transitionsThis episode of Newsmaker covers the logistical challenges of elder care. Mathieu Bruneau, CEO of Health Pro Assist, provides practical advice for families transitioning elderly relatives into assisted living.
Read more »
CertiK Report Reveals Surging Crypto ATM Fraud With $333M Lost in 2025Crypto ATMs’ minimal verification and fast transactions let criminals turn cash into digital assets in minutes, often before victims notice.
Read more »
Airline CEOs Urge Congress to Fund Homeland Security Amidst Security ConcernsAirline CEOs are advocating for Congress to restore funding for the Department of Homeland Security, citing increasing security threats. The request comes as the funding debate continues, with Senate Democrats facing pressure amidst concerns.
Read more »
Toxicity can feel exciting, but the risks outweigh the rewards.Toxic relationships can feel intense and exciting, but usually for all the wrong reasons. Discover ways to recognize them and save yourself pain in the long run.
Read more »
From signs to half-staff flags, Mooresville pays tribute to Captain Seth KovalFlags across Mooresville are flying at half-staff in honor of Captain Seth Koval, a Mooresville native who was one of six airmen killed on March 12.
Read more »