Back to archive
Issue #35··14 min read·7 stories

Malware Found in Popular Agent Skills

Warning: Malware in agent skills. Plus, a new isolated agent framework and critical LLM evaluation.

A top downloaded skill in the ClawHub agent marketplace contained malware yesterday, highlighting immediate security risks in agent ecosystems. Builders creating agentic systems might look at NanoClaw, an open-source agent framework built with Apple container isolation. Separately, the DeepEval framework helps teams rigorously evaluate LLM outputs, a critical step for shipping reliable AI features.

ANALYSIS
3 stories

Malware Found in Top Agent Skill on ClawHub

The top downloaded "Twitter" skill on ClawHub was found to distribute macOS infostealing malware. Attackers used simple markdown "skills" as disguised installers, leveraging user trust to execute malicious code and bypass agent security measures. Agent skill registries are now supply chain attack vectors. Expect infostealer compromise if running skills on corporate devices.

Read full story
2

Google Ramps CapEx to $185B for AI Infrastructure

Google guides its FY26 CapEx to $185 billion, effectively doubling its 2025 level, signaling a full-scale push into AI infrastructure. The investment follows accelerating Google Cloud revenue (48% Y/Y to $17.7B) and 750 million monthly active users for Gemini, suggesting a pivot from AI experimentation to large enterprise deals and new subscription models. This scale of investment impacts competition for cloud and AI services.

TOOLS
4 stories
1

NanoClaw Prioritizes OS Isolation Over App Security

NanoClaw is a personal Claude assistant built with a minimal, easily understandable codebase, prioritizing OS-level container isolation (Apple Container, Docker). This design ensures agents only access explicitly mounted filesystems, making it more secure and easier to customize.

3

2026 Self-Study Roadmap for AI Engineers

A new roadmap outlines how to become an AI engineer in 2026, focusing on practical skills and project-based learning without requiring an advanced ML degree. It covers foundational Python and Git, software engineering principles like API design, and AI specifics such as LLMs, RAG, and agents, with an emphasis on building production-ready systems including deployment and monitoring.

4

AI Agents Hire Humans for Physical Tasks

A new platform lets AI agents hire humans for real-world tasks via an MCP/API. Bots can book workers who set their own rates and receive direct payments, providing a physical execution layer for AI.