Security researchers have discovered that malicious AI agent skills can be designed to steal credentials, extract source code, and install backdoors while avoiding detection by many existing security scanning tools.
The research highlights a growing risk for AI-powered coding assistants, where seemingly harmless third-party skills can perform malicious actions once executed.
How the Attack Works
Unlike simple text prompts, AI agent skills can contain instructions, scripts, and additional resources that an AI agent may execute automatically.
Researchers developed an evasion technique called SKILLCLOAK, which hides malicious behavior using code obfuscation and self-extracting payloads. This allows harmful skills to appear legitimate during security checks while preserving their original functionality.
Tests showed that many cloaked skills successfully bypassed existing scanning tools and continued to work normally in AI coding platforms such as Claude Code and Codex.
Runtime Detection Offers Better Protection
To address this issue, researchers introduced SKILLDETONATE, a runtime security system that analyzes what a skill does while it is running instead of relying only on static code inspection.
The system monitors activities such as:
- File access
- Credential usage
- Network connections
- Data transfers
- Process execution
By focusing on runtime behavior rather than code appearance, the approach detected most malicious skills, including obfuscated and packed variants, with a high level of accuracy.
The findings suggest that organizations using AI coding assistants should carefully review third-party agent skills and adopt runtime monitoring solutions, as traditional install-time security checks may no longer be sufficient to detect increasingly sophisticated AI-based threats.
Follow Us on:Linkedin, Instagram, Facebook to get the latest security news!