Find notable cyber news and cases, enriched with sources, timelines, and signals.

SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware

Technical Analysis
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

SKILLCLOAK shows that malicious AI coding-agent skills can be rewritten to evade static scanners while still executing, exposing credentials, source code, and terminal access to hidden payloads. The same research introduces SKILLDETONATE, a runtime checker that inspects behavior instead of appearance and catches most disguised skills the scanners miss. Tests across eight scanners and 1,613 malicious skills from ClawHub found the packing trick evaded detection more than 90% of the time. The result shifts trust from install-time file review to runtime observation.

Related Happenings

AI coding assistants GhostApproval symlink security flaw

Vulnerability
H score22 First: 09.07.2026 07:27 Last: 09.07.2026 07:27 Sources 1

About this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....

Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints

Defensive Guidance
H score28 First: 08.07.2026 20:02 Last: 08.07.2026 20:02 Sources 1

About this happening: AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

Skills.sh scanner blind spot for externally linked AI agent skills

Security Tool/Service
H score22 First: 23.06.2026 18:16 Last: 23.06.2026 18:16 Sources 1

About this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...

JustAskJacky fake AI assistant malware campaign

Campaign
H score33 First: 04.06.2026 17:00 Last: 04.06.2026 17:00 Sources 1

About this happening: The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...

Timeline

  1. 06.07.2026 09:33 2 articles · 3d ago

    HKUST researchers show malicious AI agent skills can evade static scanners

    Technical Analysis Update

    Researchers at the Hong Kong University of Science and Technology showed that malicious AI coding-agent skills can evade static scanners by using SKILLCLOAK to rewrite giveaway bytes, split flagged commands across newlines, or hide payloads in skipped directories such as .git/ while preserving execution. The same work introduces SKILLDETONATE, a runtime sandbox checker that watches file access and data flow instead of file appearance; the report says the packing trick evaded every tested scanner more than 90% of the time across eight scanners and 1,613 malicious ClawHub skills, while SKILLDETONATE caught 97% of attacks in controlled tests and 87% of real-world malicious skills.

    Show sources