.jpg)
Permiso Security introduces SandyClaw, the first dynamic sandbox for AI agent skills. It detonates skills in a secure environment, records every LLM and OS-level action, and detects malicious behavior missed by static scanning or LLM evaluation.
Permiso Security, the unified identity security platform, has launched SandyClaw, the first dynamic analysis platform for AI agent skills. SandyClaw detonates skills in a sandboxed environment, records every action at the LLM and operating system level, and provides a verdict supported by multiple detection engines. Permiso platform customers receive unrestricted access to the new capability.
AI agents depend on downloadable skills to interact with tools, APIs, and services. As skill marketplaces grow into the primary software supply chain for AI agents, attackers have started publishing malicious skills. Traditional security approaches relying on static code analysis or LLM-based evaluation fall short because they do not execute the skill and therefore cannot detect runtime behavior.
Permiso’s threat research team was among the first to identify and document malicious skills in the wild. This research directly informed the development of SandyClaw.
SandyClaw applies sandbox detonation — a proven methodology long used for suspicious executables — to the AI agent skill ecosystem. It captures every LLM action, network call, domain resolution, file write, and environment variable access attempt. SSL traffic is intercepted and decrypted for full visibility. Analysis runs against Sigma, Yara, Nova, and Snort engines, enhanced with custom Permiso detection rules.
"SandyClaw works across all major agent frameworks including OpenClaw, Cursor, and Codex."
"Agents are only as trustworthy as the skills they run. As skill marketplaces become the primary distribution channel for agent capabilities, the ability to validate what a skill actually does before it reaches your environment becomes a security requirement, not a nice-to-have. That is what SandyClaw delivers." — Paul Nguyen, Co-Founder and Co-CEO, Permiso Security
"Most skill scanners inspect code or ask an LLM for an opinion. But real risk shows up at runtime: network activity, file writes, and access to sensitive environment variables. SandyClaw was built on the belief that behavior is more revealing than source code alone. We detonate the skill, capture everything it does, and let the evidence speak for itself." — Ian Ahl, CTO, Permiso Security
SandyClaw is available now. Permiso platform customers receive unrestricted access. Security teams can sign up at sandyclaw.permiso.io to get started.
This launch strengthens security for SaaS, IT, and technology teams building or deploying AI agents, addressing critical risks in the emerging agentic AI supply chain.
About Permiso Security
Permiso Security is an identity security platform that discover, protect, and defend against human, non-human, and AI identity threats across cloud and on-premise environments. The platform unifies and classifies identities, assesses exposure risk to strengthen security posture, and identifies suspicious and malicious identity behavior across all environments. Permiso's Universal Identity Graph correlates identity behavior across IdPs, cloud accounts, on-premise environments, and infrastructure to uncover identity relationships, power risk scoring, and surface high-fidelity threats that SIEMs, IGA, and NHI/AI solutions miss natively. Permiso is the 2026 SC Award winner for Best Threat Detection Technology.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.