Permiso Security, the unified identity security platform, announces SandyClaw, the first dynamic analysis platform for AI agent skills. SandyClaw executes skills in a sandboxed environment, records every action at the LLM and operating system level, and delivers a verdict backed by multiple detection engines. Permiso platform customers receive unrestricted access.
AI agents require skills to perform useful work: downloadable capabilities that teach them how to interact with tools, APIs, and services. Skill marketplaces have become the software supply chain for AI agents, and attackers have already begun publishing malicious skills on these platforms. The current approach to skill security relies on static code analysis or LLM-based evaluation. Neither executes the skill, which means neither can detect behavior that only manifests at runtime.
