Last updated: July 7, 2026 at 3:10 AM UTC
All 566 Vulnerability 203 Breach 107 Threat 249 Defense 7
Tag: skillcloak (1 article)Clear

SkillCloak hides malicious AI agent skills from the scanners meant to catch them

Researchers at the Hong Kong University of Science and Technology showed that the static scanners meant to vet add-on "skills" for AI coding agents like Claude Code can be fooled while the malware keeps working. Their technique, SkillCloak, either rewrites the tell-tale bytes a scanner looks for, using look-alike characters and line breaks, or hides the whole payload in a directory scanners skip, such as .git, behind a decoder that rebuilds it only when the agent runs the skill. Across eight scanners and 1,613 real malicious skills, the packing trick evaded detection more than 90 percent of the time. The researchers argue static scanning is not enough and released a runtime checker.

Check
If you scan AI agent skills, test whether your scanner inspects ignored directories like .git and normalizes look-alike characters, and add runtime behavior monitoring rather than relying on static analysis alone.
Affected
Anyone installing third-party skills for AI coding agents; these run with the agent's permissions, and static scanners, even strong ones, miss most cloaked malicious skills while the payload still executes.
Fix
Do not rely on static scanning alone for AI agent skills, add runtime monitoring of what skills do, vet skill sources strictly, restrict skill permissions, and treat marketplace skills as untrusted code.