---
title: "One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it"
date: 2026-05-05
source: https://venturebeat.com/security/one-command-open-source-repo-ai-agent-backdoor-openclaw-supply-chain-scanner
description: "CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical security issues. No SAST or SCA scanner detects malicious instructions at the agent integration layer."
---

# One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical security issues. No SAST or SCA scanner detects malicious instructions at the agent integration layer.

*Published: 2026-05-05*