Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Anthropic Skill Scanners Fail to Detect Malicious Code in Test Files

A recent security disclosure by Gecko Security researcher Jeevan Jutla has highlighted a critical vulnerability in the Anthropic Skill scanner, a tool designed to analyze and detect malicious code in skills pulled from ClawHub or skills.sh. According to Jutla's findings, the scanner failed to detect a malicious code that was embedded in a test file, which was not part of the agent execution surface.

Background & Context

The Anthropic Skill scanner is a widely used tool in the development community, designed to provide an additional layer of security and detection for skills and code pulled from external sources. However, Jutla's research has revealed a blind spot in the scanner's detection capabilities, specifically when it comes to test files. The researcher demonstrated that a malicious skill can bundle a test file, which is then executed by the Jest and Vitest testing frameworks, allowing the malicious code to run with full access to the filesystem, environment variables, and SSH keys.

Impact on Swiss SMEs & Finance

This vulnerability has significant implications for Swiss SMEs and the finance industry, where security and trust are paramount. The fact that a widely used tool like the Anthropic Skill scanner has a blind spot in its detection capabilities raises concerns about the security of code and skills being used in development environments. This could potentially lead to data breaches, unauthorized access, and other security risks. Furthermore, the fact that test files are not part of the agent execution surface means that publicly documented scanners, including the Anthropic Skill scanner, do not inspect them, leaving a gap in security coverage.

What to Watch

As a result of this disclosure, developers and security teams should be on high alert for potential security risks related to test files and skills. It is essential to review and update security protocols and procedures to ensure that test files are properly scanned and monitored. Additionally, the development community should be aware of the potential for malicious code to be embedded in test files and take steps to mitigate this risk. The Swiss finance industry should also take note of this vulnerability and consider implementing additional security measures to protect against similar threats.

Source

Original Article: Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Published: May 7, 2026

Author: louiswcolumbus@gmail.com (Louis Columbus)

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Consult a licensed financial advisor before making investment decisions.