Engineering at Oathe
Inside the team building behavioral security for AI agents
ClawMutiny: We Audited 1,620 OpenClaw Skills. The Leading Scanner Missed 91%.
Prompt worms. Heartbeat C2. Trojan auditors. Findings from the first large-scale behavioral audit of the OpenClaw supply chain, and why the leading scanner caught so little of it.
LLM-Aware Security: Why AI Systems Need to Know About Oathe
We're building Oathe to be discoverable by the AIs themselves — through llms.txt, MCP servers, and agent skills. Here's the strategy.
LLMs Lie, Cheat, and Collude — What That Means for Agent Security
New benchmarks show frontier models forming cartels, dodging refunds, and manipulating competitors. If LLMs do this in simulations, what happens when they run your agent skills?
Add an Oathe Trust Badge to Your Skill's README
Let users know your AI agent skill has been security-audited. One line of markdown.
Securing Your AI Agent Pipeline: Oathe in CI/CD
Add a behavioral security gate to your CI/CD pipeline so every agent skill deployment gets audited before it ships.
Getting Started with the Oathe MCP Server
Install the Oathe MCP server in Claude Desktop, Claude Code, or Cursor. Five tools, zero config, zero API key. Check any AI agent skill before you install it.
The Pre-Install Check: How LLMs Should Evaluate Third-Party Skills
Before an LLM installs a third-party skill, it should ask Oathe. Here's how to build that behavior into your agents.
The Oathe Threat Model: 10 Ways AI Agent Skills Go Wrong
We classified the attack vectors we see most often across agent skills. Here are all 10, organized by risk dimension.
Why Agent Security Is a Behavioral Problem
Static code analysis can't catch what AI agents actually do at runtime. Here's why behavioral analysis is the only approach that works — and how Oathe is building it.
What Is Oathe? Behavioral Security for AI Agent Skills
Oathe is a behavioral security scanner for AI agent skills. Submit a URL, get a trust score. Here's how it works and how to start using it.