Agent Skills – Open Security Database

Buckle up: the AI watchdog wars just kicked off. A new public index claims it can test AI “skills” — bite-size add‑ons that tell bots what to do — and score their risk. The site, index.tego.security/skills, says it checks a skill’s instructions, capabilities, and permissions, then flags anything that doesn’t match what it promises. Early hype came fast: one user called it “the first dedicated database” tracking these risks, and security‑minded folks applauded a central place to sanity‑check what teams install.

But the comment section had other plans. A loud camp rolled its eyes, calling it obvious self‑promo and sneering that “insecure skills” is just a new label for an old problem: engineers installing random stuff and hoping for the best. One standout critic branded it “superficial marketing BS”, arguing this is no different than copy‑pasting risky commands from the internet. Cue the memes: jokes about “antivirus for ChatGPT,” “npm install my doom,” and a cartoon of Clippy holding a padlock. The drama boils down to a classic split: helpful guardrails vs. hypeware gimmick. Whether this index becomes a go‑to safety checklist or just another shiny dashboard depends on whether teams embrace it — or keep cowboy‑coding without a seatbelt.