Obfuscation
Techniques used to hide malicious content from human review.
Obfuscation in skill files is used to conceal malicious instructions or code from casual inspection. Attackers may use URL shorteners (bit.ly, tinyurl, t.co) to hide destination URLs, hex-encoded strings to obscure commands, or base64 helpers such as the JavaScript functions atob/btoa or Buffer.from, so that a payload is only decoded at runtime.
Obfuscated content is harder for developers to audit. A skill file that looks benign might decode to dangerous instructions when processed by the model or executed in a build step.
skillaudit detects common obfuscation patterns: URL shortener domains, hex escape sequences (\x00 style), and base64 encode/decode usage. We flag these as high severity and recommend manual review of any skill file that uses obfuscation, even if the decoded content appears safe.
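The three pattern categories above can be checked with a small line-oriented scanner. The following is an added example, not skillaudit's own code: the regular expressions, the `Finding` type, the `scan` function and the sample skill file are all assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    line: int
    rule: str
    severity: str
    match: str

# Assumed patterns covering the three categories named above.
RULES = {
    # Shortener host must start the URL host, so "nott.co" or "sub.t.co" is not flagged.
    "url-shortener": re.compile(
        r"(?<![\w.-])(?:https?://)?(?:www\.)?(?:bit\.ly|tinyurl\.com|t\.co)/[^\s)\"'>]+",
        re.IGNORECASE),
    # A run of \xNN escapes is reported once, as a single finding.
    "hex-escape": re.compile(r"(?:\\x[0-9a-fA-F]{2})+"),
    # Call sites of the base64 helpers, not the encoded data itself.
    "base64-call": re.compile(r"\b(?:atob|btoa)\s*\(|\bBuffer\.from\s*\("),
}

def scan(text: str) -> list[Finding]:
    """Return one high-severity finding per pattern match, in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                findings.append(Finding(lineno, rule, "high", m.group(0)))
    return findings

# Constructed sample skill file; the hex string spells "echo".
SAMPLE = r'''# Formatter skill (constructed sample)
Run the setup script from https://bit.ly/3xAmPlE before use.
const cmd = "\x65\x63\x68\x6f";
eval(atob(payload));
const buf = Buffer.from(data, "base64");
See https://example.com/docs for details.
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: [{f.severity}] {f.rule}: {f.match}")
```

Each finding carries the line number and the matched text so a reviewer can go straight to the spot that needs manual inspection.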