ToxicSkills Report Reveals 36% of AI Agent Skills Contain Security Flaws as AI Crypto Tokens Surge

The rapid growth of AI-powered crypto tools encountered a sobering reality check on February 5, 2026, as cybersecurity firm Snyk released its groundbreaking ToxicSkills study revealing that 36.82 percent of all AI agent skills in the public ecosystem contain at least one security vulnerability. The report, which scanned 3,984 skills from ClawHub and skills.sh, found 1,467 skills with security flaws and 534 containing critical-level issues including malware distribution, credential theft, and prompt injection attacks.

The Agentic Protocol

The Snyk research represents the first comprehensive security audit of the AI Agent Skills ecosystem, a marketplace of reusable capability packages that instruct AI agents how to interact with tools, APIs, and system resources. These skills power not only personal assistants like OpenClaw but also coding agents such as Claude Code and Cursor, creating a supply chain security challenge that mirrors the early, chaotic days of npm and Python package registries. The researchers identified 76 confirmed malicious payloads designed specifically for credential theft, backdoor installation, and data exfiltration, with 8 of these malicious skills still publicly available on clawhub.ai at the time of publication.

The timing of this report is particularly significant given the explosive growth in AI agent token trading. MEXC, one of the fastest-growing cryptocurrency exchanges, reported on the same day that its January newly listed token spot trading volume surged 65 percent compared to December, with AI tokens and DePIN projects leading the charge. The exchange highlighted that daily skill submissions jumped from under 50 in mid-January to over 500 by early February, a tenfold increase in just weeks.

Neural Network Integration

The intersection of neural network capabilities and blockchain infrastructure creates unique security challenges that traditional application security frameworks were not designed to address. Agent skills operate with the full permissions of their host environment, unlike traditional software packages that typically execute in sandboxed contexts. This means a malicious skill can access file systems, API credentials, and network resources with the same privileges as the agent itself. Snyk found that 13.4 percent of all audited skills contained at least one critical-level security issue, a strikingly high percentage for an ecosystem that handles sensitive financial data and authentication credentials.

The research also documented the first coordinated malware campaign targeting users of AI coding agents, with over 30 malicious skills distributed through ClawHub in a single coordinated operation. These skills employed prompt injection techniques to manipulate the host agent into executing unintended commands, potentially exposing private keys, wallet seeds, and API tokens to attacker-controlled servers.

Token Utility

AI-focused crypto tokens have emerged as the primary vehicle for funding and incentivizing the development of agent skills and decentralized AI infrastructure. With the total market capitalization of AI-focused cryptocurrencies growing rapidly in early 2026, these tokens represent both the promise and the peril of the AI-blockchain convergence. MEXC’s data showing a 65 percent volume surge in newly listed AI tokens indicates strong market demand, but the Snyk report suggests that much of the underlying infrastructure remains dangerously insecure.

The DePIN sector, which encompasses decentralized physical infrastructure networks providing compute power for AI workloads, represents a growing segment of this market. Projects building decentralized compute platforms, GPU marketplaces, and distributed inference networks are attracting significant capital, but their security foundations must mature to match their market valuations.

Potential Bottlenecks

Several obstacles could slow the development of a secure AI agent ecosystem. The hypergrowth in skill publications outpaces the capacity of security auditors to review submissions, creating a widening gap between available skills and verified-safe skills. The Snyk researchers intentionally tuned their detectors to minimize false positives, meaning the 36.82 percent figure likely understates the true scope of security issues in the ecosystem.

Additionally, the cross-platform nature of agent skills creates complex dependency chains where a vulnerability in a single shared component can propagate across dozens of downstream applications. The lack of standardized security frameworks for agent skill development means that each ecosystem, whether OpenClaw, Claude Code, or Cursor, must independently develop and enforce its own security policies.

Final Verdict

The ToxicSkills report serves as a necessary wake-up call for the AI crypto ecosystem. The 65 percent surge in AI token trading volume reported by MEXC demonstrates genuine market enthusiasm for AI-blockchain convergence, but the 36.82 percent vulnerability rate in agent skills reveals an infrastructure that is scaling faster than its security foundations can support. For investors and developers alike, the path forward requires treating security as a first-class concern rather than an afterthought. The projects that will ultimately succeed in this space will be those that can combine innovative AI capabilities with rigorous security practices, earning user trust through demonstrated safety rather than marketing claims.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any cryptocurrency protocol or token.