OpenClaw Shows Why Agents Need a Bill of Materials
Renewed discussion of OpenClaw's local-agent takeover risk shows why teams need an Agent Bill of Materials for skills, plugins, MCP servers, and connectors.
11 articles with this tag.
Cisco's Cloud Control launch puts AI agents, MCP connectors, and third-party tool marketplaces inside critical infrastructure operations.
Vercel opened the skills.sh API for programmatic access to 600,000+ agent skills. That is useful, but it makes skill verification a platform concern.
VIPER-MCP found 106 confirmed zero-days across nearly 40,000 MCP server repos. Agent tool security now needs code-level taint analysis, not just trust prompts.
Microsoft's Agent Control Specification gives agent teams a portable runtime policy layer for tool calls, approvals, and audit evidence.
NSA's MCP security guidance turns the agent tooling debate into an operational checklist: inventory servers, verify tool changes, and scan before trust drifts.
TeamPCP compromises legitimate packages and cascades through the supply chain via stolen credentials. Why this attack pattern evades detection.
Claude Code skills can read files, run commands, and access credentials. What the skill ecosystem gets wrong about security — and how to protect yourself.
Comparing install-time scanning, reactive moderation, and dual-side verification — and the supply chain attack vectors each security model misses.
341 malicious AI skills were found on a major registry. SkillSafe scans before sharing, re-verifies on install, and blocks tampered code automatically.
How SkillSafe dual-side verification works: publisher scans, consumer re-scans, and cryptographic tree hashes that detect tampering before install.