CertiK Launches AI Skill Scanner for Agent Security

2026/05/27 22:58
  • CertiK has launched Skill Scanner, a security product built to assess third-party AI Skills before they are used by AI agents.
  • The tool targets risks such as hidden malicious behavior, unauthorized data access and autonomous execution in Web3 and Web2 environments.

CertiK is pushing deeper into AI security with the launch of CertiK Skill Scanner, a product designed to review third-party AI Skills before they are installed, published or approved for use inside enterprise systems.

The company describes the tool as something close to an antivirus layer for the AI agent era. The comparison is not perfect, but it gets to the point. AI agents are no longer just answering questions in a chat window. They are beginning to call external tools, read files, trigger workflows, move data between systems and, in more sensitive cases, interact with financial infrastructure.

That changes the security equation. A bad browser extension can already be dangerous. A bad AI Skill connected to an autonomous agent can be worse, because the agent may execute actions at speed and in a context the user does not fully see.

AI Skills create a new execution risk

AI Skills are becoming the plug-ins of the agent economy. They expand what an AI agent can do, from pulling data and automating tasks to executing financial actions and interacting with Web3 protocols. Each additional Skill, however, also creates another point where something can go wrong.

That risk is not limited to obvious malware. A Skill may request more data than it needs, behave differently during execution than during review, trigger unauthorized API calls or quietly create conditions for later misuse. In financial environments, the concern becomes even sharper. A tool that can initiate fund calls, sign workflow requests or prepare transactions needs a different level of scrutiny than a simple productivity add-on.

CertiK said Skill Scanner is built to detect hidden malicious behavior, unauthorized data access and execution risks before sensitive systems are exposed. Unlike broader AI scanning tools, the company says its product is focused on risks that can emerge during actual execution, including cases involving fund movements and financial transactions.

Ronghui Gu, CEO and co-founder of CertiK, said the security model around third-party Skills is becoming more important as AI agents move into financial systems, enterprise workflows and everyday digital services.

Marketplaces, enterprises and developers are first in line

The first target groups are AI Skill marketplaces, enterprises and developers. Marketplaces can integrate the scanner into their publishing pipelines, so Skills are reviewed before they go live. They can also display CertiK verdicts as trust indicators for users deciding whether to install a third-party Skill.

For enterprises, the use case is more defensive. Companies testing AI agents internally need a way to assess third-party Skills before they enter production environments or touch customer data, internal systems or compliance-sensitive workflows. That is where a scored review process becomes useful. It gives security teams something more concrete than a vendor claim or a developer description.

Independent developers can also use the scanner to self-audit Skills before publishing. CertiK said future updates will expand direct access for everyday users, allowing individuals to scan Skills themselves before installation or use.

The scanner produces a score from 0 to 100, along with “pass,” “warn” or “fail” verdicts and a bounded list of findings grouped by severity. CertiK says the system reaches up to 90.5% precision in identifying security risks, with the aim of reducing false positives while making AI Skill assessments more dependable.

The product has already been deployed in selected Web3 AI agent infrastructure environments. CertiK is also working on integrations with additional AI Skill platforms, including FinChip.ai.

The launch follows CertiK’s broader expansion into AI-focused security infrastructure, after the company introduced its AI Auditor initiative earlier this year. For a firm best known for Web3 audits, the move is a logical extension. As AI agents begin to handle code, assets, permissions and business workflows, security checks need to happen before execution, not after a system has already been exposed.
