Permiso Security, the unified identity security platform, announced SandyClaw, the first dynamic analysis platform for AI agent skills. SandyClaw executes skills in a sandboxed environment, records every action at the LLM and operating system level, and delivers a verdict backed by multiple detection engines. Permiso platform customers receive unrestricted access.
AI agents require skills to perform useful work: downloadable capabilities that teach them how to interact with tools, APIs, and services. Skill marketplaces have become the software supply chain for AI agents, and attackers have already begun publishing malicious skills on these platforms. The current approach to skill security relies on static code analysis or LLM-based evaluation. Neither executes the skill, which means neither can detect behavior that only manifests at runtime.
Permiso's threat research team was among the earliest to publicly identify and document malicious skills in the wild. That research led directly to SandyClaw.
Unlike static scanning or runtime containment approaches, SandyClaw applies sandbox detonation, a methodology the cybersecurity industry has relied on for evaluating suspicious executables, to the agent skill ecosystem. It records every LLM action, network call, domain resolution, file write, and environment variable access attempt. SSL traffic is intercepted and decrypted. Analysis runs against Sigma, YARA, Nova, and Snort engines augmented with custom Permiso detection rules. SandyClaw works across all major agent frameworks including OpenClaw, Cursor, and Codex.
“Agents are only as trustworthy as the skills they run. As skill marketplaces become the primary distribution channel for agent capabilities, the ability to validate what a skill actually does before it reaches your environment becomes a security requirement, not a nice-to-have. That is what SandyClaw delivers.”
“Most skill scanners inspect code or ask an LLM for an opinion. But real risk shows up at runtime: network activity, file writes, and access to sensitive environment variables. SandyClaw was built on the belief that behavior is more revealing than source code alone. We detonate the skill, capture everything it does, and let the evidence speak for itself,” said Ian Ahl, CTO, Permiso Security.
SOURCE: Businesswire























