Skeleton-based action recognition has attracted increasing attention due to its potentially broad applications such as autonomous and anonymous surveillance. With the help of deep learning techniques, it has also witnessed substantial progress and achieved excellent accuracy in non-adversarial environments. However, in practice, potential adversaries might easily deceive an action recognition model by performing actions with imperceptible perturbations. Deploying such a model without understanding its adversarial vulnerability might lead to severe consequences, e.g., recognizing a violent action as a normal one. Despite these security concerns, research on the vulnerability of skeleton-based action recognition remains scant, partly due to the challenges caused by the unique nature of human skeletons and actions. Specifically, we argue that for imperceptible and reproducible adversarial skeleton actions: 1) the bone lengths should be maintained roughly the same as the original bone lengths; 2) the changes of joint angles should be small; 3) the adversarial motion speeds should be restricted. These unique constraints hinder direct applications of existing attack methods to adversarial skeleton actions.In this paper, we conduct a thorough study towards understanding the adversarial vulnerability of skeleton-based action recognition. We first formulate the generation of adversarial skeleton actions as a constrained optimization problem by representing or approximating the constraints with mathematical equations. To deal with the intractable primal optimization problem with equality constraints, we propose to optimize its unconstrained dual problem using ADMM. We further design an efficient plug-in defense, inspired by recent theories and empirical observations, against adversarial skeleton actions. Extensive evaluations demonstrate the effectiveness of our attack and defense, and reveal the properties of adversarial skeleton actions. * The only parallel work is detailed in section 2.3.