Mass audit finds 140k issues

Mobb collected public “skills” from four registries — skills.sh, ClawHub, GitHub, and Tessl — and mapped a developer→registry→skill→agent→system supply chain to show where attacks can gain access. (thenewstack.io) The audit found that two-thirds of skills showed no flagged patterns under Mobb’s rules, while the remainder exposed exploitable behaviors: 27% of flagged skills contained command-execution patterns, roughly one in six embedded curl | sh delivery chains, and about 15% referenced mechanisms to bypass user consent. (thenewstack.io) Mobb’s CEO Eitan Worcel warned that installed skills execute with a developer’s local permissions and that registries typically scan at publish time but provide almost no runtime verification once a skill runs on a machine. (thenewstack.io) Sonatype’s Guide introduces an MCP server, an enhanced component search, and the Nexus One Platform API to deliver real‑time open‑source intelligence into IDEs and CI workflows so AI coding assistants can be steered toward safe, vetted packages. (infoq.com) Sonatype researchers reported LLMs can “hallucinate” package recommendations up to 27% of the time, and Sonatype states early enterprise adopters using Guide saw a ~3x improvement in secure code generation and a >5x reduction in dependency‑remediation costs. (infoq.com) Independent scans from Snyk’s “ToxicSkills” research found similar ecosystem risk, reporting about 36.8% of scanned skills contained at least one security flaw and identifying 1,467 skills with malicious or vulnerable payloads during their study. (snyk.io) Open community tooling and guidance are already being published to address the gap: the skill-audit and agentnode security‑audit repositories provide pattern detectors aligned to the OWASP Agentic AI Top 10, and OWASP’s AI Agent Security cheat sheet lists runtime and supply‑chain mitigations for skills. (github.com)