AI skill scanners flag themselves as malware but give sneaky vercel exfiltration a clean bill of health—security theater at its finest

A recent investigation has revealed that popular "AI Skill Scanners" may be providing false security and potentially even malware. These scanners, such as SkillGuard, Skill Defender, and Agent Tinman, claim to detect malicious skills, but they rely on outdated "denylist" mindsets that focus on blocking specific words rather than understanding intent. Researchers tested these scanners against a custom "semi-malicious" skill and found that they failed to detect the threat. For example, Skill Defender deemed a malicious skill "CLEAN" while flagging its own reference files as "DANGEROUS". This highlights the need for AI-native security solutions that use behavioral analysis and intent understanding, such as Snyk's Evo platform, which combines static application security testing with LLM-based intent analysis. According to recent research, 13.4% of skills contain critical security issues, with most going undetected by simple pattern matching. Industry leaders must move beyond static patterns and adopt more comprehensive security solutions to stay ahead of emerging threats.