logo

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

ID: e85d352d-b159-529f-8fb7-f35552e14b6e

STIX ID: report--e85d352d-b159-529f-8fb7-f35552e14b6e

Feed Name: The Hacker News

Threat Score
75/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: [email protected] (The Hacker News)

...
...

Researchers show that malicious "skills" for AI coding agents can be cloaked to bypass static scanners (via look-alike characters, split commands, and packing payloads into ignored directories like .git/), allowing credential theft, source-code exfiltration, or backdoors; a runtime sandbox detector (SKILLDETONATE) catches most attacks but is slower. Real-world scans and reports (Bitdefender, Koi Security, Unit 42) already find many malicious skills on marketplaces, so defenders should treat a "passed scan" as a starting point: monitor runtime behavior, flag large/opaque files in ignored folders, re-check hashes before execution, and apply least-privilege to agents and vetted sources.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.