Skip to content
Public Threat Feed

AI Agent Blacklist

After scanning 96,096 skills,
ATR flagged 1,302 with risks.
552 confirmed as malware.

This list is fully public. Anyone can check.

1,302
flagged
552
confirmed malware
957
CRITICAL
339
HIGH
Known Threat Actors
Click for full profile
hightower6eu
Active
354
malicious skills (100%)

A 100%-malicious publisher on OpenClaw distributing 354 poisoned skills disguised as cryptocurrency and Google Workspace tools. Uses password-protected archives and paste services to bypass automated scanning.

View full profile →
sakaen736jih
Active
198
malicious skills (93%)

The most technically direct actor of the three. Ships skills with base64-encoded curl-to-bash payloads that call back to C2 server 91.92.242.30 for arbitrary command execution.

View full profile →
52yuanchangxing
Active
99
malicious skills (72%)

Targets Chinese-speaking developers with business-tool skill disguises. Mixes malicious and benign skills (72% malicious) as a credibility-building and removal-evasion strategy.

View full profile →
ATR Verified Whitelist
VERIFIED

These skills passed ATR's 113-rule scan
with zero CRITICAL / HIGH findings.
Safe to use.

jhillin8/healthy-eating
2,847 dl
ATR Scanned - No Issues
jhillin8/daily-motivation
2,060 dl
ATR Scanned - No Issues
epwhesq/virtually-us
1,833 dl
ATR Scanned - No Issues
ivangdavila/philosophy
893 dl
ATR Scanned - No Issues
ivangdavila/english
843 dl
ATR Scanned - No Issues
ivangdavila/polish
738 dl
ATR Scanned - No Issues
ivangdavila/spanish
710 dl
ATR Scanned - No Issues
ivangdavila/estonian
669 dl
ATR Scanned - No Issues
ivangdavila/hebrew
667 dl
ATR Scanned - No Issues
afengzi/market-news
665 dl
ATR Scanned - No Issues
ivangdavila/vietnamese
665 dl
ATR Scanned - No Issues
ivangdavila/hindi
658 dl
ATR Scanned - No Issues
ivangdavila/dutch
657 dl
ATR Scanned - No Issues
ivangdavila/slovak
648 dl
ATR Scanned - No Issues
ivangdavila/lithuanian
637 dl
ATR Scanned - No Issues
ivangdavila/catalan
635 dl
ATR Scanned - No Issues
ivangdavila/irish
634 dl
ATR Scanned - No Issues
ivangdavila/latvian
625 dl
ATR Scanned - No Issues
ivangdavila/portuguese
624 dl
ATR Scanned - No Issues
ivangdavila/hungarian
615 dl
ATR Scanned - No Issues
ivangdavila/italian
614 dl
ATR Scanned - No Issues
View all 40 verified skills →
Full Blacklist
1,302

Every flagged skill lives in the public blacklist.json. Any CI, registry, or agent framework can pull it directly.

View full blacklist.json →Download raw JSON

This list is generated from ATR ecosystem scans
and synced with Threat Cloud.
Being flagged does not guarantee malice —
check the specific rules for risk assessment.
Report false positives via GitHub Issues.