{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:RUGNNXTN2JPQMUYHSHKSQLDEFX","short_pith_number":"pith:RUGNNXTN","schema_version":"1.0","canonical_sha256":"8d0cd6de6dd25f06530791d5282c642dc39553b788ce22c3e5a42f233c95e564","source":{"kind":"arxiv","id":"2607.02357","version":1},"attestation_state":"computed","paper":{"title":"Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Congying Xu, Shing-Chi Cheung, Shuai Wang, Xin Wei, Yudong Gao, Zimo Ji, Zongjie Li","submitted_at":"2026-07-02T16:00:52Z","abstract_excerpt":"LLM coding agents increasingly rely on third-party agent skills from public marketplaces, which execute with the agent's privileges and create a software supply-chain attack surface: a malicious skill can steal credentials, exfiltrate source code, or install backdoors. Existing defenses use static skill scanners based on pattern matching or LLM-as-judge analysis, but it remains unclear whether they withstand adaptive evasions that preserve malicious behavior while changing payload appearance.\n  This paper first presents an adversarial study of existing skill scanners through SkillCloak, a payl"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2607.02357","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-07-02T16:00:52Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"facf44c3eef423e54b8eab793be804be56c8da44db9bd6430c556a7e3c042c3c","abstract_canon_sha256":"089c621f9edde19902caac3f887dda269423184d132aefc7c703d00f43742de9"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-03T01:17:56.558606Z","signature_b64":"LTSOZxeCVNFfCs06y2wvfPzksWW9jBJkDXPViPiUKrb58X3+/iQtO7BIG/6O0Y0VlNU1fKn0Vx2ZyFkMk/6MBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"8d0cd6de6dd25f06530791d5282c642dc39553b788ce22c3e5a42f233c95e564","last_reissued_at":"2026-07-03T01:17:56.558102Z","signature_status":"signed_v1","first_computed_at":"2026-07-03T01:17:56.558102Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Congying Xu, Shing-Chi Cheung, Shuai Wang, Xin Wei, Yudong Gao, Zimo Ji, Zongjie Li","submitted_at":"2026-07-02T16:00:52Z","abstract_excerpt":"LLM coding agents increasingly rely on third-party agent skills from public marketplaces, which execute with the agent's privileges and create a software supply-chain attack surface: a malicious skill can steal credentials, exfiltrate source code, or install backdoors. Existing defenses use static skill scanners based on pattern matching or LLM-as-judge analysis, but it remains unclear whether they withstand adaptive evasions that preserve malicious behavior while changing payload appearance.\n  This paper first presents an adversarial study of existing skill scanners through SkillCloak, a payl"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2607.02357","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2607.02357/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2607.02357","created_at":"2026-07-03T01:17:56.558162+00:00"},{"alias_kind":"arxiv_version","alias_value":"2607.02357v1","created_at":"2026-07-03T01:17:56.558162+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2607.02357","created_at":"2026-07-03T01:17:56.558162+00:00"},{"alias_kind":"pith_short_12","alias_value":"RUGNNXTN2JPQ","created_at":"2026-07-03T01:17:56.558162+00:00"},{"alias_kind":"pith_short_16","alias_value":"RUGNNXTN2JPQMUYH","created_at":"2026-07-03T01:17:56.558162+00:00"},{"alias_kind":"pith_short_8","alias_value":"RUGNNXTN","created_at":"2026-07-03T01:17:56.558162+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX","json":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX.json","graph_json":"https://pith.science/api/pith-number/RUGNNXTN2JPQMUYHSHKSQLDEFX/graph.json","events_json":"https://pith.science/api/pith-number/RUGNNXTN2JPQMUYHSHKSQLDEFX/events.json","paper":"https://pith.science/paper/RUGNNXTN"},"agent_actions":{"view_html":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX","download_json":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX.json","view_paper":"https://pith.science/paper/RUGNNXTN","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2607.02357&json=true","fetch_graph":"https://pith.science/api/pith-number/RUGNNXTN2JPQMUYHSHKSQLDEFX/graph.json","fetch_events":"https://pith.science/api/pith-number/RUGNNXTN2JPQMUYHSHKSQLDEFX/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX/action/timestamp_anchor","attest_storage":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX/action/storage_attestation","attest_author":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX/action/author_attestation","sign_citation":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX/action/citation_signature","submit_replication":"https://pith.science/pith/RUGNNXTN2JPQMUYHSHKSQLDEFX/action/replication_record"}},"created_at":"2026-07-03T01:17:56.558162+00:00","updated_at":"2026-07-03T01:17:56.558162+00:00"}