ThreatBook SafeSkill

What is ThreatBook SafeSkill?

ThreatBook SafeSkill (safeskill.io) is an AI agent skill supply-chain security platform — it vets the third-party "skills" you install into AI agents (Cursor, Claude Code, VS Code, ClawHub, and other MCP-style skill hubs) before they ever execute on your machine or in your enterprise environment.

The threat it addresses is concrete and growing: AI agent skills are installed and updated at roughly 40% month-on-month growth, and they execute with broad filesystem, network, and credential access on the user's behalf. A malicious or compromised skill is functionally equivalent to a malware package — but unlike traditional package managers, agent skill registries have minimal review processes. SafeSkill closes that gap by running each skill through a multi-stage detection pipeline backed by ThreatBook's threat intelligence database.

Who's behind it

SafeSkill is built by ThreatBook (微步在线 / Weibu), a cybersecurity vendor with offices in Singapore, Hong Kong, China, and the UAE. ThreatBook operates one of the largest commercial threat-intelligence datasets in the region — over 100 billion malicious samples, with around 1.2 million new samples added daily. The same intelligence backbone that powers ThreatBook's ATI (threat intel) and TDP (network detection) products feeds the SafeSkill scanner.

What it actually detects

SafeSkill's 7-stage pipeline checks each skill package for:

• Supply-chain poisoning — including the ClawHavoc campaign (1,000+ malicious packages discovered in mainstream skill registries)
• Prompt-injection attacks — instructions embedded in skill descriptions that hijack the host LLM
• Backdoors disguised as normal functionality — code paths that activate under specific triggers
• Dynamic execution evasion — curl | sh patterns, base64-encoded payloads, runtime code generation
• Markdown encoding obfuscation — hidden instructions inside what looks like documentation
• .env credential exfiltration — skills that quietly read and ship environment variables
• Malicious logic in PR-merge stages — code that activates only on specific git operations
• C2 (command-and-control) channels — domains the skill phones home to
• Multi-layer obfuscation — packed, minified, or encrypted payloads
• Vulnerability-lure RCE chains — skills that introduce known CVEs to enable later exploitation

How the pipeline works

Every skill goes through seven analysis stages:

1. Data collection — fetch the full skill package + metadata
2. Metadata extraction — author, dependencies, registry reputation
3. Threat-feature matching — Yara rules, YAML patterns, AST analysis
4. LLM-powered code-intent review — language-model analysis of what the code actually does, not just what it claims to do
5. URL deep inspection — every domain in the skill cross-checked against threat intelligence
6. Sub-file analysis — recursive scan of nested scripts, binaries, markdown, .env templates
7. Sandbox simulation — actual execution in an isolated environment with behavioural monitoring

The output is a structured analysis report with a multi-dimensional weighted trust score, plus a security badge that can be displayed in skill marketplaces.

Three ways to deploy

The enterprise API is what most security-conscious teams adopt — it lets you gate every skill that enters your private MCP / Claude Skills registry, with continuous re-scanning on version updates.

Skill Hub — the curated marketplace

Alongside the scanner, SafeSkill operates Skill Hub — a marketplace of more than 100,000 pre-validated AI agent skills covering 10+ scenario categories: data processing, office automation, system operations, multimedia, code development, security operations, customer service, research, workflow automation, and knowledge management. Each listed skill carries a trust score and security badge, with developer reputation tracking and community vulnerability reporting.

Pricing

• Free tier — browser-based scanner, public skills, individual developer use
• Enterprise — pricing on request via the SafeSkill demo form; includes API access, CI/CD integration, private skill registry vetting, dedicated threat-intel feeds

Why APAC teams care

Most AI-agent skill registries today are dominated by US-based hosts (Anthropic, GitHub, OpenAI-adjacent infrastructure), but the security review processes are minimal. For enterprises in Singapore, Hong Kong, Tokyo, Seoul, Sydney, Mumbai, Jakarta running Claude Code or Cursor inside regulated environments (financial services, healthcare, government contracting), shipping a skill to production without supply-chain review is increasingly a compliance issue. SafeSkill's APAC presence (Singapore, Hong Kong offices), regional threat-intel coverage, and CI/CD integration make it one of the few credible vetting solutions sitting in the right jurisdictions for ASEAN and East Asian compliance frameworks.

Verdict

If you (or your engineering org) are running AI agents that install third-party skills — and most teams using Cursor or Claude Code now are — SafeSkill is in the same operational category as a package-manager security scanner (Snyk, Socket, Phylum) but specialised for the agent-skills ecosystem where conventional scanners don't yet have signature coverage. The free tier is enough for individual developers; the enterprise API is the natural fit for any team treating their agent runtime as production infrastructure.

Visit safeskill.io or the ThreatBook SafeSkill product page for current pricing and demo access.