
CertiK Launches Skill Scanner, Establishing a Standardized Security Review Layer for AI Agent Applications

Analysis · 57 minutes ago · Updated · Lwyt

As the integration of AI Agents deepens into financial systems, enterprise workflows, and daily digital interactions, the potential security risks behind them are also coming to the surface. On May 27, CertiK, the world’s largest Web3 security company, officially launched “CertiK Skill Scanner,” a Skill security scanning product for the AI Agent ecosystem, hailed by the industry as the “antivirus software for the AI era.”

According to reports, this product is primarily targeted at AI Skill marketplaces, enterprises, and independent developers. It aims to establish a standardized security review mechanism for AI Skills before execution, used to identify potential malicious behaviors, data leaks, unauthorized access, and autonomous execution risks within third-party AI Skills.

Filling the AI Security Gap: Pre-execution Security Validation

Currently, AI Agents are increasingly gaining capabilities such as reading data, calling external systems, executing code, and even initiating digital asset transactions. However, the industry still lacks a unified “pre-execution security validation” mechanism. With the accelerated opening of AI application ecosystems and the rapid expansion of plugin ecosystems, the trustworthiness of third-party Skills has begun to attract market attention.

CertiK co-founder and CEO Ronghui Gu pointed out that every major technological change creates a window of opportunity where security is key to success or failure. “We saw this in the blockchain space, and now we are seeing this trend again in the AI Agent field.”

He stated that AI Agents are gradually entering financial systems, enterprise workflows, and broader digital scenarios, making the security validation of third-party Skills a crucial component of AI infrastructure. The security framework of the future AI era needs to possess “proactive defense” capabilities, rather than passively responding after risks occur.

Unlike traditional general-purpose AI scanning tools, CertiK Skill Scanner is designed not only for static code analysis but also to assess risks that may materialize during actual execution. This is particularly critical in scenarios involving fund calls and financial transactions, as many risks only become apparent when the Skill actually runs.

Five Core Risk Categories and a Precise Scoring System

According to the introduction, CertiK Skill Scanner supports uploading AI Skills via GitHub repositories, URLs, or ZIP files, and conducts detection around five core risk categories:

  • Malicious Behavior Detection: Detects potentially destructive or hidden malicious operations
  • Data Leak Risk Assessment: Covers scenarios where a Skill silently transmits user information to external servers
  • Unauthorized Network Activity: Captures outbound connection behaviors that exceed the Skill’s declared scope
  • Shell Execution Privilege Review: Investigates the risk of a Skill attempting to execute system-level commands
  • File System Abuse Detection: Prevents Skills from accessing files outside their authorized permissions

CertiK stated that the system currently achieves a risk identification accuracy of 90.5%, effectively reducing false positives and enhancing the reliability of AI Skill risk assessments. Scan results generate a safety score from 0 to 100, along with risk results like “Pass / Warn / Fail” and a graded issue report.

Cross-Ecosystem Applications and Industry Validation

CertiK Skill Scanner is applicable to both the Web3 ecosystem and traditional Web2 markets. Its target audience encompasses all users of AI Skills:

  • AI Skill Marketplaces: Can be integrated directly into the publishing process, automatically conducting security reviews before a Skill goes live. CertiK’s security assessment can be displayed as a trust signal for user selection
  • Enterprise Users: Can use it as part of their internal compliance and risk management workflows, evaluating third-party AI Skills before they enter the production environment
  • Independent Developers: Can self-audit their Skills using this tool before publication, proactively addressing security issues
  • General Public: CertiK plans to open direct access in future product updates, allowing individual users to scan Skills before installation or use

The product has seen its first adoption in some Web3 AI Agent ecosystems. Pieverse has integrated CertiK Skill Scanner into its AI Agent Skill Store as a security review mechanism for Skill listing and invocation. Colin, CEO of Pieverse, stated, “The Agent ecosystem can only scale if users and builders trust the Skills executed by the Agents.”

Additionally, CertiK is advancing collaborations with more AI Skill platforms like FinChip.ai. Gary Yang, incubation investor at FinChip.ai, commented, “For any ‘Skill economy’ to operate at scale, trust is the most fundamental prerequisite. The Skill security validation mechanism CertiK is advancing represents the essential infrastructure currently missing from this ecosystem. It also makes FinChip’s vision of programmable Skill ownership and distribution more practically meaningful.”

Extending Security Infrastructure: From Web3 to AI

Founded in 2017, CertiK is currently the world’s largest Web3 security company. It has served over 5,000 corporate clients, including Binance and Ant Group. Now, this organization, with deep expertise in blockchain infrastructure assessment, code auditing, and compliance, is extending its security experience into the AI field, providing underlying security support for the rapidly evolving AI Agent ecosystem.

The launch of Skill Scanner is also seen as a significant move by CertiK to continuously expand its AI security landscape, following the release of AI Auditor in April this year. In the industry’s view, as AI Agents gradually acquire capabilities for code execution, system calls, and asset operations, the core issue of AI security is extending from the model itself to “execution-layer security” and the “credibility of third-party Skills.” New-generation security infrastructure, including CertiK Skill Scanner, may become an indispensable link in the journey towards the large-scale application of the AI Agent ecosystem.

This article is sourced from the internet: CertiK Launches Skill Scanner, Establishing a Standardized Security Review Layer for AI Agent Applications
