SkillCloak packing helps malicious AI agent skills bypass static scanners
Source headline: SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Intelligence Summary
Researchers describe SkillCloak, a technique that lets malicious “skills” for AI coding agents evade static detection. The method uses self-extracting packing and small code changes to defeat scanner heuristics. In testing, the technique bypassed every scanner more than 90% of the time. A runtime checker was also developed to catch most of the malicious behavior during execution. Users running third-party agent skills should treat uploads and integrations as high-risk and enforce runtime validation and tighter vetting.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.