Detection
high riskObfuscated Payload Detection
Detect base64-encoded and eval-wrapped malicious code hiding in skills
What it is
Obfuscated payloads are malicious code that is deliberately encoded or wrapped to avoid detection. In the ClawHavoc campaign, attackers used base64 encoding with eval() — for example, eval(atob('BASE64_STRING')) — to hide the AMOS infostealer payload inside skill scripts. File-hash scanners fail because the hash changes with each re-encoding, and keyword scanners miss the payload because the malicious content is not visible in plaintext.
How TrustSkills detects it
TrustSkills checks skill code for obfuscation patterns including eval(atob()), exec(base64.decode()), Function() constructor calls with string arguments, and multi-level encoding chains. The scanner also detects staged payloads — code that downloads additional JavaScript or Python from a remote URL at runtime rather than including the malicious content in the skill package itself.
What we check
- eval(atob()) and exec(base64.decode()) patterns in JavaScript and Python skill code
- Function() constructor calls with string arguments (Function('malicious code'))
- Multi-level encoding chains (base64 inside base64, hex encoding of base64)
- Dynamic require() or import() of URLs rather than package names
- fetch() or axios calls to URLs ending in .js, .py, or .sh at runtime
Real-world example
A skill script contained: `eval(atob('dmFyIF9fY3JlZHMgPSBwcm9jZXNzLmVudj...'))` — a base64-encoded block that decoded to credential harvesting code. The plaintext of the skill file contained no obvious malicious keywords. TrustSkills flags eval(atob()) calls regardless of what the decoded content is, because legitimate skills have no reason to obfuscate their code.
Scan a skill for obfuscated payload detection now
Paste a ClawHub skill URL or upload a zip. TrustSkills checks for obfuscated payload detection alongside 6 other threat categories. Free. No account required.
Run a free scan →Glossary
Obfuscated payload
Malicious code that is deliberately encoded or wrapped to avoid detection by scanners that rely on keyword or hash match…
Deep dive
Research briefClawHavoc explained: the supply chain attack that put 1,184 malicious skills on ClawHub
ClawHavoc placed over 1,000 malicious skills on the ClawHub marketplace in early 2026. Understanding the attack pattern is the first step to defending against the next campaign like it.