What happened
HKUST researchers published 'Cloak and Detonate' (arXiv, disclosed July 6, 2026), showing SkillCloak evades all 8 evaluated static agent-skill scanners over 90% of the time via self-extracting packing, and introducing SkillDetonate, a sandboxed runtime behavioral-auditing system that detects 97% of attacks (2% false-positive rate) and 87% on real-world malicious skills targeting Claude Code and OpenAI Codex.
Why it matters
Demonstrates static scanning of AI agent skill marketplaces (ClawHub etc.) is fundamentally insufficient, pushing the industry toward runtime/behavioral detonation as a required control for the emerging agent-skill supply chain.
Applicability
Teams operating or securing AI agent skill/plugin marketplaces (Claude Code, Codex, similar) should evaluate behavioral sandboxing controls rather than relying solely on static scanners.