Security researchers have uncovered a concerning vulnerability in how organizations scan for malicious AI agent skills. A new technique dubbed "SkillCloak" enables malicious add-on capabilities for AI coding agents to bypass static security scanners effectively, creating a significant gap in current defensive postures.

Researchers at the Hong Kong University of Science and Technology discovered that surprisingly simple modifications can allow malware to slip past traditional scanning mechanisms while remaining fully operational. Their investigation focused on how self-extracting packing techniques can disguise malicious code within otherwise seemingly legitimate AI agent skills. This method involves compressing and encrypting harmful components that only unpack during execution, effectively hiding them from static analysis tools that examine code without running it.

The team's most successful evasion technique demonstrated a staggering effectiveness, bypassing all tested security scanners in more than 90% of attempts. This finding is particularly alarming given the increasing integration of AI coding agents into software development environments. Organizations using these