Permiso Security Launches SandyClaw, the First Dynamic Sandbox for AI Agent Skills

New capability detonates skills in a sandboxed environment and records every action at the LLM and OS level, catching malicious behavior that static scanning and LLM-based evaluation miss

Permiso Security, the unified identity security platform, today announced SandyClaw, the first dynamic analysis platform for AI agent skills. SandyClaw executes skills in a sandboxed environment, records every action at the LLM and operating system level, and delivers a verdict backed by multiple detection engines. Permiso platform customers receive unrestricted access.

AI agents require skills to perform useful work: downloadable capabilities that teach them how to interact with tools, APIs, and services. Skill marketplaces have become the software supply chain for AI agents, and attackers have already begun publishing malicious skills on these platforms. The current approach to skill security relies on static code analysis or LLM-based evaluation. Neither executes the skill, which means neither can detect behavior that only manifests at runtime.

Permiso's threat research team was among the earliest to publicly identify and document malicious skills in the wild. That research led directly to SandyClaw.

Unlike static scanning or runtime containment approaches, SandyClaw applies sandbox detonation, a methodology the cybersecurity industry has relied on for evaluating suspicious executables, to the agent skill ecosystem. It records every LLM action, network call, domain resolution, file write, and environment variable access attempt. SSL traffic is intercepted and decrypted. Analysis runs against Sigma, Yara, Nova, and Snort engines augmented with custom Permiso detection rules. SandyClaw works across all major agent frameworks including OpenClaw, Cursor, and Codex.

"Agents are only as trustworthy as the skills they run. As skill marketplaces become the primary distribution channel for agent capabilities, the ability to validate what a skill actually does before it reaches your environment becomes a security requirement, not a nice-to-have. That is what SandyClaw delivers."

- Paul Nguyen, Co-Founder and Co-CEO, Permiso Security

Key Capabilities

• Dynamic detonation with full behavioral recording that captures every action at the LLM and OS level, including network calls, file writes, environment variable access, and domain resolution.
• Multi-engine detection using Sigma, Yara, Nova, and Snort alongside custom Permiso detection rules, delivering evidence-backed verdicts rather than confidence scores.
• Full traffic visibility with SSL intercept that decrypts encrypted outbound traffic inside the sandbox, exposing exfiltration attempts that would be invisible to tools without decryption capabilities.
• Full verdict transparency that provides the complete behavioral record behind every determination, including every file written, domain resolved, and network call made, so security teams can verify the finding themselves rather than trusting an opaque score.
• Cross-framework support and platform integration covering OpenClaw, Cursor, Codex, and other agent frameworks, with the ability to automatically analyze skills when the Permiso platform detects a download or installation.

"Most skill scanners inspect code or ask an LLM for an opinion. But real risk shows up at runtime: network activity, file writes, and access to sensitive environment variables. SandyClaw was built on the belief that behavior is more revealing than source code alone. We detonate the skill, capture everything it does, and let the evidence speak for itself."

- Ian Ahl, CTO, Permiso Security

Availability

SandyClaw is available now. Permiso platform customers receive unrestricted access. Security teams can sign up at sandyclaw.permiso.io to get started. For more information, visit permiso.io.

About Permiso Security

Permiso Security is an identity security platform that discover, protect, and defend against human, non-human, and AI identity threats across cloud and on-premise environments. The platform unifies and classifies identities, assesses exposure risk to strengthen security posture, and identifies suspicious and malicious identity behavior across all environments. Permiso's Universal Identity Graph correlates identity behavior across IdPs, cloud accounts, on-premise environments, and infrastructure to uncover identity relationships, power risk scoring, and surface high-fidelity threats that SIEMs, IGA, and NHI/AI solutions miss natively. Permiso is the 2026 SC Award winner for Best Threat Detection Technology. Learn more at permiso.io.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260402370756/en/