Making the assertion that any request made by IP address is skype is not a good idea. This is especially true in transparent setups.
In the past I have posted about this previously, but the cleanest way to know if a request is coming from skype is to direct it to a separate proxy port.
Here is an example ruleset I have offered:
As far as detecting the traffic, at the moment MWG cannot differentiate between skype SSL and normal SSL. Skype SSL is a broken version of normal SSL (from what I understand).
How prevent this solution the use of the Skype port by normal https traffice which is manual entered in internet options?