New SkillCloak Technique Enables Malicious AI Skills to Evade Detection

New SkillCloak Technique Enables Malicious AI Skills to Evade Detection

First seen 6 Jul 2026, 12:23 UTC ThehackernewsGbhackersCybersecuritynewsFeeds.4Sysops 76% similarity 66.0

Article Content

Browse articles
ThreatCluster

A new technique called SkillCloak allows malicious AI agent skills to bypass existing static skill scanners over 90% of the time. These skills can steal credentials, exfiltrate source code, and install backdoors, posing a significant risk to AI coding assistants like Claude Code and OpenAI Codex. Current defenses, primarily relying on static pattern matching, are ineffective against adaptive evasions. Researchers emphasize that runtime behavior auditing offers better resilience against these threats. The scope of impact includes a wide range of AI tools that utilize third-party agent skills, creating a substantial software supply-chain attack surface. As of now, the threat remains active, with no confirmed mitigation strategies reported.

Key Points: • SkillCloak technique bypasses static scanners over 90% of the time. • Malicious agent skills can steal credentials and install backdoors. • Runtime behavior auditing is more effective than static scanning.

ThreatCluster AI

Timeline

2026-07-06
SkillCloak technique disclosed
Researchers revealed that the SkillCloak technique enables malicious AI skills to evade static scanners, posing significant risks to AI coding tools.
Feeds.4Sysops
2026-07-06
Malicious skills identified
Studies confirmed that malicious AI agent skills can exfiltrate sensitive data while bypassing many current auditing systems.
Gbhackers
2026-07-06
Malware targeting AI assistants found
New malware targeting popular AI coding assistants was reported, highlighting vulnerabilities in agent skills.
Cybersecuritynews
2026-07-06
Call for better security controls
Experts urged for improved security measures to protect AI agents from malicious skills and software supply-chain attacks.
Thehackernews

Community

Browse all →