Security group warns installed agent skills can quietly steal your passwords and keys: why it is not safe to use
A security group says installed agent skills run with your agent's full access and can quietly copy your passwords, tokens, and cloud keys.
What happened
On June 25, 2026, the Cloud Security Alliance (a nonprofit that sets security standards) published a guide for security leaders on the risks of Claude agent skills. Its main point: an installed skill runs with the same access as your AI agent, so it can read whatever the agent can read, including GitHub tokens, cloud login keys, and saved passwords. The group described a supply-chain campaign in which 1,184 harmful skills went up on a major skill registry across 12 publisher accounts. At the peak, five of the seven most-downloaded skills were confirmed malware (software built to do harm). It also flagged 53,000-plus agent setups running with no monitoring, 280-plus skills leaking API keys and personal data, and a test skill that delivered live ransomware (software that locks your files until you pay).
What it means for you
A skill is not a passive add-on. Once installed, it can copy your credentials and send them somewhere else without asking. Popularity is not proof of safety here. Some of the most-downloaded skills were the harmful ones.
What to do instead
- Treat any skill as unknown code from a stranger.
- Never let your agent auto-run a skill's setup steps. Read them first.
- Prefer skills from a source that reviews and tests them. AgentPod lists only skills it has reviewed and tested, which lowers the odds but does not remove all risk.
Sources:
- https://cloudsecurityalliance.org/blog/2026/06/25/5-claude-agent-skills-risks-every-ciso-should-know
Source: https://cloudsecurityalliance.org/blog/2026/06/25/5-claude-agent-skills-risks-every-ciso-should-know
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.