Most single-scanner approaches miss important dimensions of agent-skill risk. This dataset surfaces why: scanner positives are frequent but rarely overlap across malware reputation (VirusTotal), static heuristics, and semantic agent-risk analysis (SkillSpector). That structured disagreement makes the dataset useful for research into layered governance, ensemble detection, and trust signals for LLM-powered agent ecosystems.
What Sets It Apart
- Multi-source, evidence-first records: each row separates ClawScan's final registry-style verdict (clean / suspicious / malicious) from the supporting scanner inputs (VirusTotal, static findings, SkillSpector), allowing researchers to treat scanner outputs as evidence rather than ground truth and to experiment with aggregation strategies.
- Scale with provenance: 67,453 latest public skill-version rows, ~333k scanner-result rows, and ~58k sanitized bundle files (278.9 MB) give broad coverage across registry metadata, bundled artifacts, and scanner outputs for empirical analysis.
- Focus on scanner disagreement and semantics: canonical statistics (e.g., SkillSpector positive rate ~48–50% vs. VirusTotal positives ~7–8%, pairwise Jaccard ≤0.104) demonstrate that different tools inspect distinct attack surfaces — a core insight for building layered review pipelines and calibration studies.
- Safety-first sanitation: private identifiers, raw secrets, and runnable private artifacts are redacted; the dataset is a silver-standard corpus where
clawscan_verdictis an operational registry label, not human-adjudicated ground truth.
Who It's For and Trade-offs
Great fit if you want empirical evidence about how malware-reputation, static analysis, and semantic agent-risk tools disagree; to develop ensemble detectors, calibration and uncertainty models; or to study governance policies for skill registries. The dataset is also suited for workflow experiments (train/validation/test/eval_holdout splits are deterministic).
Look elsewhere if you need human-adjudicated ground-truth labels for maliciousness, full raw package contents, or live scanning endpoints — this release intentionally omits raw private packages and runnable secrets, and treats scanner positives as evidence rather than definitive labels.
Where It Fits
Use this dataset alongside scanner-specific corpora (e.g., raw VirusTotal feeds) when you need both broad registry context and semantic agent-risk advisories. It is primarily research-grade: ideal for papers, model evaluation, and tooling that reasons about multi-source trust, but not as a drop-in blocklist for install-time enforcement.