Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology.
Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of the

source https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html

source https://thehackernews.com/2026/07/new-skillcloak-technique-lets-malicious.html