Agents
Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security
The article introduces Runtime Skill Audit (RSA), a dynamic analysis method designed to improve the security of LLM agent skills by auditing their behavior under targeted runtime conditions. RSA was tested on 100 skills using the OpenClaw framework, achieving 90.0% accuracy, with an 88.0% true positive rate and an 8.0% false positive rate, outperforming static baselines by 13 percentage points. The method matters to practitioners because it addresses the weaknesses of static vetting processes, particularly against self-evolving attacks, and so detects malicious behavior in agent skills more reliably.
llm, agent skills, runtime auditing