
Chainguard Launches Agent Skills — Hardened Supply Chain Security for AI Agent Skill Ecosystems After OpenClaw ClawHub Attacks


On March 18, 2026, Chainguard announced Chainguard Agent Skills, a new product addressing one of the fastest-growing attack surfaces in the AI agent ecosystem: supply chain attacks on AI agent skills.

What Are Agent Skills? AI agent skills are small, modular instruction sets that extend what an AI agent can do. Developers install skills to add capabilities such as browser automation, PDF processing, database access, and code-generation workflows. These skills are dynamically pulled at runtime from open registries — a pattern that has become a major security vulnerability.

The Problem: According to Chainguard CEO Dan Lorenc, skills are already being targeted at scale. 'We see a lot of skill hijacking with AI skills now,' Lorenc told The New Stack. 'These tools pull down whatever tools they feel like at runtime if you are deploying them insecurely. There was a big attack on the skills ecosystem a few weeks ago for OpenClaw. That is how people share OpenClaw workflows.'

Without permission controls or oversight, agent skills have become the latest target of widespread supply chain attacks — following the same trajectory that container images and npm packages experienced years earlier.

How Chainguard Agent Skills Works:

  1. Automatic Ingestion: Skills are automatically ingested from open source registries
  2. Security Vetting: Each skill is measured against a comprehensive security and quality ruleset
  3. Hardening: Chainguard reconciliation agents automatically harden the skills
  4. Audit Trail: Published skills include a complete, verifiable audit trail
  5. Continuous Maintenance: The catalog is continuously updated and maintained

Lorenc drew parallels to the container security journey: 'Container images showed us how quickly software artifacts can become supply chain risks once they are adopted and trusted at scale. AI agent skills are emerging along an even faster trajectory. As AI agents become embedded in the software development lifecycle, the skills that shape their behavior become part of the supply chain itself.'

Broader Context: This announcement comes at a critical moment. The New Stack reports that attacks on AI skill ecosystems — platforms like skills.sh where agents pull tools dynamically at runtime — are already happening at scale. The recent OpenClaw ClawHub attack demonstrated how a single compromised skill could propagate across thousands of agent deployments.

Chainguard Repository will expand later in 2026 to cover Python and Java libraries, container images, OS packages, and virtual machines, creating a comprehensive hardened supply chain for AI agent infrastructure.

Chainguard Agent Skills is currently available in beta.
