Research from Hong Kong University of Science and Technology demonstrates that security scanners designed to detect malicious AI agent skills can be systematically evaded using self-extracting packing and character obfuscation. SkillCloak achieved over 90% bypass rate across 8 established scanners, while the proposed SkillDetonate solution caught 97% of attacks through runtime behavioral monitoring. This analysis includes Tekin Lab practical testing, real-world attacks on ClawHub marketplace, and actionable mitigation strategies for development teams.
The Growing Security Gap in AI Agent Ecosystems As artificial intelligence rapidly integrates into software development workflows, a critical security vulnerability is emerging that threatens the entire
AI agent ecosystem. Research published by the Hong Kong University of Science and Technology reveals that security scanners designed to detect malicious add-on "skills" for AI coding agents can be systematically
fooled through simple but effective evasion techniques. [IMAGE_PLACEHOLDER_1] The study, titled "Cloak and Detonate," introduces SkillCloak, a tool that rewrites malicious skills to appear completely benign
while preserving their destructive capabilities. What makes this research particularly alarming is not just its theoretical implications, but the fact that similar techniques are already being exploited
in the wild across public skill marketplaces. Skills are small packages, typically consisting of a Markdown instruction file plus a few scripts, that agents such as Claude Code, OpenAI Codex, and OpenClaw
load to acquire new capabilities. Because a skill is fundamentally just a bundle of files, the same one can run across different agents. And critically, it executes with the agent's full system access
including your files, your terminal, and your stored credentials. Anatomy of the Attack: How SkillCloak Operates The research team developed two complementary approaches for evading security scanners,
both automated through the SkillCloak tool. Understanding these techniques is essential for security professionals and developers who rely on AI agents in their workflows. Method One: Lightweight Character
Read Full Article