New 'SkillCloak' trick hides malware in AI agent skills so scanners miss it: why it is not safe to use
Researchers showed a method called SkillCloak that disguises malicious AI agent skills so most scanners miss them while the skills still run normally.
What happened
On July 6, 2026, researchers published a paper called "Cloak and Detonate." It describes SkillCloak, a method that rewrites harmful AI agent skills (add-ons that give an AI assistant new abilities) so they look clean to security scanners while still doing exactly what the attacker built them to do. The team tested it against 8 widely used scanners, using 1,613 real malicious skills collected from the wild. Its main packing trick slipped past every scanner more than 90 percent of the time. Lighter disguises fooled most basic scanners over 80 percent of the time. The hidden skills still ran normally in both Claude Code and OpenAI Codex, with no drop in how well they worked.
What it means for you
A skill can pass an automated "safe" scan and still be malware. Relying on a scan at install time is no longer enough to keep you protected.
What to do instead
- Install skills only from sources where a person reviews and tests them, not just runs a scan.
- Check who made a skill and whether other people have used it before.
- Give a new skill as little access as you can, and watch how it behaves at first.
- On AgentPod, we list only skills we have reviewed and tested by hand.
Sources
- https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html
- https://gbhackers.com/malicious-agent-skills/
- https://arxiv.org/abs/2607.02357
Source: https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.