Dev.to
6/23/2026

Fake AI skill bypassed scanners
Original: Fake AI Agent Skill Slipped Past Every Scanner and Reached 26,000 Agents
Short summary
Security researchers created a fake AI agent skill that bypassed all tested scanners and reached 26,000 agents by borrowing GitHub stars and using a lookalike domain. The core vulnerability: security scanners check static packages, but external URLs skills point to can be rewritten after vetting passes. Defense recommendations: inventory installed skills, route new ones through a single controlled source, pin versions, enforce least privilege on agents, and block skills that fetch external setup pages.
- •Fake AI skill bypassed every security scanner and reached 26,000 agents using borrowed GitHub stars and lookalike domain (stitch-design.ai vs stitch.withgoogle.com)
- •Vulnerability: scanners check submitted package at moment of review; external URLs the skill points to can be rewritten after vetting passes
- •Defenses: inventory installed skills, route through single controlled source, pin versions, enforce least privilege on agents, block skills that fetch external setup pages
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



