Agent skills extend AI agents with reusable instructions, tools, scripts, references, and workflows, establishing a security boundary distinct from both model safety and traditional package-malware detection. ClawHub Security Signals is a sanitized dataset covering the latest public version of 67,453 OpenClaw skills. Each row pairs redacted SKILL.md content (and sanitized bundled files, where present) with the final ClawScan registry verdict and evidence from three scanner families: VirusTotal, static heuristic analysis, and NVIDIA SkillSpector. Rather than estimating malicious-skill prevalence, we study scanner disagreement. The three scanners rarely flag the same skills: any pair overlaps on at most 10.4% of their combined positives, only 0.69% of skills are flagged by all three, and 81.9% of flagged skills are identified by a single scanner. The disagreement is structured by attack surface. SkillSpector, which raises semantic agentic-risk advisories rather than malware-reputation signals, is positive for 19,209 of 25,504 suspicious rows (75.3%) but only 14 of 206 malicious rows (6.8%). The malicious-verdict region shows the inverse profile: 150 of 206 malicious rows (72.8%) are VirusTotal-positive, consistent with bundled-code malware evidence. These results show that agent-skill security requires layered governance rather than single-scanner allow/block decisions. The corpus is released as a sanitized silver-standard dataset: the labels are the registry's automated verdicts, not human-annotated ground truth, and the release is an early, versioned snapshot intended to support the community while a human-annotated subset is developed. Further research is encouraged, including models tailored for skill-security triage.
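As an added example (not code from the paper or the ClawHub dataset), the following computes the three disagreement metrics the abstract reports, pairwise overlap as a share of combined positives, the fraction of skills flagged by all three scanners, and the fraction of flagged skills flagged by exactly one, over a small set of constructed scanner-evidence rows, and sketches a hypothetical layered triage rule in place of a single-scanner allow/block decision. The row layout, scanner names and the triage policy are assumptions for illustration.

```python
from itertools import combinations

# Constructed sample rows: (skill_id, virustotal_positive, heuristic_positive, skillspector_positive).
# Illustrative values only; these are not rows from ClawHub Security Signals.
SCANNERS = ("virustotal", "heuristic", "skillspector")
SAMPLE_ROWS = [
    ("skill-a", True, False, False),
    ("skill-b", False, True, False),
    ("skill-c", False, False, True),
    ("skill-d", True, True, False),
    ("skill-e", True, True, True),
    ("skill-f", False, False, True),
    ("skill-g", False, False, False),
    ("skill-h", False, False, True),
]


def positives_by_scanner(rows):
    """Map each scanner name to the set of skill ids it flagged."""
    return {name: {r[0] for r in rows if r[i + 1]} for i, name in enumerate(SCANNERS)}


def pairwise_overlap(rows):
    """For each scanner pair, |A & B| / |A | B|: the share of combined positives both scanners flagged."""
    pos = positives_by_scanner(rows)
    result = {}
    for a, b in combinations(SCANNERS, 2):
        union = pos[a] | pos[b]
        result[(a, b)] = len(pos[a] & pos[b]) / len(union) if union else 0.0
    return result


def agreement_profile(rows):
    """Fraction of all skills flagged by all three, and fraction of flagged skills flagged by exactly one."""
    counts = [sum(r[1:]) for r in rows]
    flagged = [c for c in counts if c > 0]
    all_three = sum(1 for c in counts if c == 3) / len(rows)
    single = sum(1 for c in flagged if c == 1) / len(flagged) if flagged else 0.0
    return {"all_three": all_three, "single_scanner": single}


def triage(vt, heuristic, skillspector):
    """Hypothetical layered routing: malware-reputation evidence gates installation,
    while semantic agentic-risk advisories are surfaced for review rather than auto-blocked."""
    if vt:
        return "block"            # bundled-code malware evidence
    if heuristic and skillspector:
        return "manual_review"    # two independent signal families agree
    if heuristic or skillspector:
        return "advisory"         # single-scanner signal: show to the user, do not auto-block
    return "allow"
```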