VIDEO
HIGHLIGHT
Log InSign up
Your AI Agent Has a Virus (Here's the Fix)
SummaryTranscriptChat

Your AI Agent Has a Virus (Here's the Fix)

AI Agent Skills and Universal Skills Manager

Introduction to AI Agent Skills

  • Jacob introduces the topic of AI agent skills, highlighting their significance and uniqueness compared to Model Context Protocol (MCP).
  • He explains that skills are essentially markdown files containing specific instructions for AI agents on how to perform tasks effectively.

Risks Associated with AI Skills

  • Jacob discusses the growing prevalence of skills, likening them to npm packages or app stores, which can be easily downloaded and deployed.
  • He references a recent malware attack on Clawhub, emphasizing the dangers of deploying malicious skills without proper knowledge.
  • The incident led Clawhub to partner with Virus Total in an effort to mitigate risks associated with malicious skills.

Introducing the Universal Skills Manager

  • Jacob presents the Universal Skills Manager as a solution for managing risks while enjoying the benefits of AI skills.
  • This manager is described as a skill itself, equipped with scripts that help search, install, synchronize, and most importantly, scan and validate downloaded skills for safety.

Demonstration Using Notebook LM

  • Jacob mentions using Notebook LM alongside his other projects (Notebook LM MCP and CLI), showcasing how he utilizes AI-generated resources for content creation.
  • He emphasizes that all resources shown were created by AI rather than himself.

Overview of Universal Skills Manager Functionality

  • A short video is introduced explaining how the Universal Skills Manager functions as a secure hub for managing AI coding tools.
  • The video outlines that each tool has separate skill folders leading to disorganization and potential security risks due to unrestricted access granted by many downloaded skills.

Security Features of the Universal Skills Manager

  • The manager operates through a four-step process: search, scan, install, and sync. It searches multiple marketplaces simultaneously for desired skills.
  • A deep security scan checks over 20 different aspects including prompt injection and credential theft before installation occurs through a secure pipeline.

Accessibility and Open Source Nature

  • Jacob highlights that the Universal Skills Manager is free to use and open source, allowing users full transparency regarding its functionality.

Conclusion

  • The presentation wraps up by encouraging viewers to take control of their AI workflow using this innovative tool.

Skills Manager Installation and Demo

Overview of Skills Manager

  • The speaker introduces the Skills Manager, indicating a demo will follow to showcase its capabilities starting from installation.
  • The current version is 159, with multiple revisions and updates since the last video was created.

Installation Process

  • Installation is straightforward; users need to copy a command line to install all supported tools automatically.
  • The Skills Manager supports ten specific tools for installation, including options for cloud desktop or cloud AI setups.

Cloud Support Features

  • A dedicated process for cloud installations is highlighted, allowing users to install skills on specific tools if desired.
  • Users can run commands that specify which tool they want to install skills on, enhancing customization during setup.

API Key Setup

  • Three providers are supported: Skills MP (200,000+ skills), Skillhub (187,000 skills), and Clawhub (fewer skills due to cautious additions).
  • During installation, users are prompted to set up an API key for Skills MP. Generating this key is free and simple.

Invoking the Universal Skills Manager

  • After installation, users can invoke the Universal Skills Manager using either a direct request or slash command.
  • The system proactively scans the environment for available skills without prompting from the user.

Skill Deployment and Management

  • Users can request deployment of specific skills across applications; reports indicate where skills are installed or missing.
  • An example of deploying the "humanizer" skill shows how it synchronizes across systems after confirming user intent.

Searching and Downloading Skills

  • Users can search for specific skills in the database; if no API key is provided, it defaults to searching without one.
  • The system identifies available versions of requested skills from repositories like GitHub based on popularity ratings.

Handling Errors in Skill Downloads

  • If errors occur during downloads due to strict checks on skill structure (especially for cloud desktop), users are informed.
  • Users have options to download both original unmodified files and corrected versions suitable for their environment.

How to Add Skills to Cloud Desktop

Adding Skills and Troubleshooting

  • The process of downloading a skill manually may lead to errors; it's essential to follow the correct method for adding skills.
  • Users can add skills through their username settings in the capabilities section, where they can search for built-in skills or upload custom instructions.
  • Demonstration of uploading a skill shows that using an incorrect version will not work, emphasizing the importance of deploying the right files.

Exploring Available Skills

  • A query for top skills on Clawhub reveals that it sorts and formats information into a clear table, showcasing popular development-oriented skills from Facebook.
  • Caution is advised as star ratings reflect the main repository rather than individual skills, which could be misleading.

Searching for Specific Skills

  • A search for "universal skills manager" on Skills MP confirms its availability across different platforms like Open Claw or Claw Hub.
  • Multiple options exist for obtaining desired skills, encouraging users to explore various repositories.

Recommendations and Conclusion

  • Viewers are encouraged to install the universal skills manager as their first skill, highlighting its ease of use without needing API integration if using specific hubs.
Video description

Your AI Agent is a security risk waiting to happen. In this video, I unveil the Universal Skills Manager (USM) - the first open-source "App Store" Manager and security layer for AI skills. We cover how to stop malicious skills from hijacking your Agent/computer, how to search and sync skills across Claude, Cursor, and Gemini instantly, and I demo a live install where the USM actually *fixes* broken skills on the fly and zips them for Claude Desktop. šŸ”— Universal Skills Manager Repo: https://github.com/jacob-bd/universal-skills-manager šŸ”— NotebookLM on USM created by OpenClaw: https://notebooklm.google.com/notebook/8a2e594b-a5e6-4813-87f1-dc72b4e6e57e šŸ”— SkillsMP: https://skillsmp.com/ šŸ”— SkillHub: https://skills.palebluedot.live/ šŸ”— ClawHub: https://clawhub.ai/ šŸ”„ Why you need this: If you download agent skills from ClawHub/SkillHub, you are bypassing security checks. You are at risk. USM scans every skill for various security risks, including prompt injections, and validates the structure before installation. **šŸ“š Smart Chapters:** 00:00 - The Hidden Danger of AI Skills (Malware) 02:35 - Introducing Universal Skills Manager 04:30 - NotebookLM Explains the Security Gap 06:53 - Live Demo: Installing USM (one command) 08:48 - The 3 Major Skill Marketplaces 09:37 - Generating API Key on SkillsMP (optional) 11:16 - Syncing Skills Across All AI Tools 12:00 - Searching for the Humanizer skill with Claude Code 13:29 - Live Hacking: USM Fixing a Broken Claude Desktop Skill 15:18 - Installing a skill on Claude Desktop 15:40 - Listing top 10 skills on SkillHub 16:38 - Listing top 5 skills on ClawHub #AIAgents #CyberSecurity #ClaudeAI #UniversalSkillsManager #OpenSource