SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
ID: e85d352d-b159-529f-8fb7-f35552e14b6e
STIX ID: report--e85d352d-b159-529f-8fb7-f35552e14b6e
Feed Name: The Hacker News
Researchers show that malicious "skills" for AI coding agents can be cloaked to bypass static scanners (via look-alike characters, split commands, and packing payloads into ignored directories like .git/), allowing credential theft, source-code exfiltration, or backdoors; a runtime sandbox detector (SKILLDETONATE) catches most attacks but is slower. Real-world scans and reports (Bitdefender, Koi Security, Unit 42) already find many malicious skills on marketplaces, so defenders should treat a "passed scan" as a starting point: monitor runtime behavior, flag large/opaque files in ignored folders, re-check hashes before execution, and apply least-privilege to agents and vetted sources.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
