Original Research

Original research on AI skill trust

Reproducible methodology. Real GitHub data. Every score reproducible from public sources. The methodology and source data are documented in each report so independent researchers can replicate or extend the findings.

Original Research April 27, 2026 9 min read
State of MCP Security — April 2026
83% of MCP Registry servers carry a disqualifier flag.
Random sample of 202 servers from the 2,703 GitHub-backed entries in the official MCP Registry. 58% are single-author with low adoption. 21% have no LICENSE. Average legitimacy: 3.05/10. Zero known CVEs. Top server has 40 stars — trust isn't dominated by popularity.

Original Research April 27, 2026 8 min read
State of ClawHub Trust — April 2026
0% of 200 ClawHub skills declared their security posture in SKILL.md.
200 ClawHub skills representing 1.36M GitHub stars scored across 15 signals. 10.5% Verified, 81% Established, 7.5% Blocked. Solid is the universal weak spot. The transparency gap is a coordination failure, not a security failure.

Analysis April 23, 2026
Your AI Skill Might Have a Known CVE. Nobody Was Checking.
15 of 427 skills hard-blocked when we cross-referenced OSV, CISA KEV, and EPSS.
AI skill scanners look for prompt injection and credential exfil. They miss known CVEs sitting in the npm package underneath. The published-vulnerability layer is unwatched in agent-tool ecosystems.

Product April 2, 2026
Score Any MCP Server — Even Without a GitHub Repo
Cross-registry trust scoring with automatic source resolution.
MCP Skills now accepts npm packages, Smithery URLs, and OpenClaw skills — not just GitHub repos. The resolver finds the source, runs the full algorithm, and falls back to a partial 7-signal score when no source repo exists.

Original Research March 8, 2026 6 min read
State of AI Skill Security — March 2026
Stars and brand recognition don't predict the score.
10 popular AI tools and developer libraries scored. The official MCP Servers repo has 80K stars and scored lower than every other tool on the list. Maintenance cadence, security posture, and spec compliance are what separate "popular" from "trustworthy."

Analysis March 8, 2026
ClawHavoc and the Missing Trust Layer
1,184 malicious AI skills, 7,700 downloads before detection.
Why the AI skill ecosystem needs a multi-dimensional trust layer. VirusTotal scanning alone explicitly cannot assess trust, detect prompt injection, or evaluate code quality.

How-To March 8, 2026
How to Check if an AI Skill is Safe Before Installing
Step-by-step: find the source, scan, read the tier, decode the dimensions.
Practical guide for vetting an AI skill or MCP server before giving it access to your terminal, environment variables, and credentials.
