
ClawHub, Cisco, Vercel’s Malicious Skill Detector Bypassed to upload Malicious Skills

ID: 11214a43-8c10-5124-954c-05a0acf39509

STIX ID: report--11214a43-8c10-5124-954c-05a0acf39509

Feed Name: cybersecurityNews.com

Threat Score: 55/100

Date Published: 2026-06-05

Date Updated: 2026-06-05

Author: Abinaya

...
...

Trail of Bits research shows that AI skill marketplaces and open-source skill scanners (ClawHub, Cisco, Vercel) can be trivially bypassed with simple obfuscation and packaging techniques: newline padding that truncates analysis, embedding precompiled .pyc bytecode, hiding scripts inside document archives, and prompt injection. These techniques let malicious skills pass automated scans and potentially access environment data. The researchers recommend treating public skills as untrusted and adopting supply-chain controls such as curated repositories, strict access controls, and version pinning.
