As AI coding assistants continue to grow in popularity, so does the attack surface surrounding them. A newly disclosed technique known as SkillCloak demonstrates how malicious AI “skills” can bypass traditional static security scanners while still executing harmful code once installed.
Researchers from the Hong Kong University of Science and Technology found that attackers can disguise malicious skills by hiding their payloads in locations that many scanners ignore or by slightly altering their structure without changing their functionality. The result is alarming: these modified skills were able to evade detection in more than 90% of the scanners tested.
The bigger concern is that AI agent skills often execute with the same permissions as the user. That means a malicious skill could potentially access sensitive files, steal credentials, exfiltrate source code, or even establish persistence on a system without raising immediate suspicion.
The research also highlights an important shift in defensive strategy. Instead of relying solely on static analysis, security tools should increasingly monitor a skill’s behavior at runtime. Observing what a skill actually reads, writes, and transmits provides a much stronger indication of malicious activity than simply inspecting its contents before installation.
As AI ecosystems continue to expand, this serves as another reminder that trust should never be based on appearance alone. Whether you’re using AI coding agents in development or production, installing skills only from trusted sources, limiting their permissions, and adopting runtime monitoring will be essential steps in reducing risk.
This article is based on reporting by Swati Khandelwal at The Hacker News and research published by the Hong Kong University of Science and Technology.
Top comments (0)