Key Facts CertiK announced the launch of CertiK Skill Scanner on 27 May 2026, a security solution for evaluating AI Agents and third-party AI Skills before execution. The scanner generates a
Key Facts
- CertiK announced the launch of CertiK Skill Scanner on 27 May 2026, a security solution for evaluating AI Agents and third-party AI Skills before execution.
- The scanner generates a 0–100 score with "pass," "warn," or "fail" verdicts and a findings list categorised by severity; CertiK claims up to 90.5% precision in identifying security risks.
- It is built to evaluate execution-time risks, including scenarios involving fund calls and financial transactions, across both Web3 and traditional Web2 environments.
- Target users include AI Skill marketplaces, enterprises and developers, with direct access for everyday users planned in future updates.
- Quoted are Ronghui Gu, CEO and Co-Founder of CertiK, and Gary Yang, Incubation Investor at FinChip.ai, one of the platforms CertiK is integrating with.
CertiK has launched CertiK Skill Scanner, a security product designed to vet third-party AI Skills and AI Agents before they execute. Announced on 27 May 2026, the tool positions itself as antivirus software for the AI age — scanning the discrete capabilities that AI agents invoke for hidden malicious behaviour, unauthorised data access and autonomous execution risks, and returning a scored verdict before sensitive data, assets or systems are exposed.
What Skill Scanner does
The scanner generates a scored assessment ranging from 0 to 100, alongside "pass," "warn," or "fail" verdicts and a bounded findings list categorised by severity. According to CertiK, the system achieves up to 90.5% precision in identifying security risks — a metric the company frames as reducing false positives while improving the reliability of AI Skill risk assessments. The differentiator CertiK emphasises is execution-time evaluation. Unlike generalised AI scanning tools that analyse static configuration or code syntax, Skill Scanner is built to evaluate risks that emerge during actual execution, including scenarios involving fund calls and financial transactions. That focus reflects CertiK's
blockchain heritage — the same execution-risk lens it applies to smart contracts, now pointed at autonomous AI Skills that can move money.
Built for marketplaces, enterprises and developers
The product is designed to slot in at several points in the AI Skill lifecycle. AI Skill marketplaces can integrate it directly into publishing pipelines to automatically review Skills before they go live, and can display CertiK security verdicts as trust indicators for end users evaluating third-party Skills. Enterprises can deploy it within internal compliance and risk-management workflows to assess Skills before allowing them into production. Independent developers can use it to self-audit before publishing, and CertiK plans future updates that expand direct access for everyday users to scan Skills before installation. CertiK says the product has already been deployed within select Web3 AI Agent infrastructure environments and is advancing integrations with additional AI Skill platforms, including FinChip.ai. "Trust is the prerequisite for any skill economy to function at scale," said Gary Yang, Incubation Investor at
FinChip.ai. "CertiK's work on skill security verification is exactly what this ecosystem needs."
Why the timing matters
Ronghui Gu, CEO and Co-Founder of CertiK, framed the launch around the deepening integration of AI agents into systems that handle real value. "As AI Agents become more deeply integrated into financial systems, enterprise workflows, and everyday digital interactions, the security model around third-party Skills becomes critically important," Gu said. "CertiK Skill Scanner was built to establish a standardized trust layer before execution, helping users and platforms identify hidden risks before sensitive data, assets, or systems are exposed." The launch lands as AI Skill security becomes one of 2026's fastest-emerging threat categories. The industry has moved quickly to formalise the risk, with OWASP publishing an Agentic Skills Top 10 and Cisco AI Defense releasing an open-source skill scanner earlier in the year. High-profile supply-chain incidents — including a widely reported attack that exposed over 1,000 malicious agent skills distributed through a public skill registry — have demonstrated that the "implicit trust" model, where users install third-party skills without verifying them, is already being exploited.
CertiK's AI security expansion
Skill Scanner extends CertiK's push into AI-focused security infrastructure. Earlier in 2026 the company introduced its AI Auditor initiative, targeting risks tied to autonomous systems and AI-driven execution. The throughline is a shift in CertiK's addressable market: from securing smart contracts and Web3 protocols toward securing the autonomous agents that increasingly act on top of them — and, with the Web2 scope, beyond crypto entirely. The move also fits CertiK's recent emphasis on the convergence of AI and on-chain risk. Its April 2026
State of Digital Asset Regulations report found that infrastructure compromises — rather than smart contract code exploits — drove 76% of 2025 on-chain losses by value, and the rise of autonomous agents with execution authority expands exactly that attack surface. A pre-execution trust layer for AI Skills is the logical product response. Gu framed the design philosophy as proactive rather than reactive. "AI applications are moving toward increasingly autonomous execution, which creates a new category of security and trust challenges," he said. "We believe security infrastructure for the AI era must function proactively, not reactively. The goal is to make professional-grade security assessment accessible before execution occurs."
FAQ
What is CertiK Skill Scanner? CertiK Skill Scanner is a security product launched on 27 May 2026 that evaluates third-party AI Skills and AI Agents for hidden risks before they execute. It generates a 0–100 score with "pass," "warn," or "fail" verdicts and a severity-categorised findings list, and is designed to work across both Web3 and traditional Web2 environments. CertiK claims up to 90.5% precision in identifying security risks.
Who is it for? The product targets AI Skill marketplaces, enterprises and developers. Marketplaces can integrate it into publishing pipelines and display its verdicts as trust indicators; enterprises can use it for internal compliance and risk management; and developers can self-audit Skills before publishing. CertiK plans to expand direct access to everyday users in future updates.
How is it different from general AI scanning tools? According to CertiK, Skill Scanner evaluates risks that emerge during actual execution — including scenarios involving fund calls and financial transactions — rather than only analysing static code or configuration. This execution-time focus reflects CertiK's background in smart contract and blockchain security. CertiK Skill Scanner reflects a broader recognition that the security model built for static software does not transfer cleanly to autonomous agents that execute actions and move value on a user's behalf. As the AI Skill economy scales, a pre-execution trust layer is likely to become as standard as antivirus once was — and the open competitive question is whether that layer is owned by dedicated AI security firms, incumbent network security vendors, or specialists like CertiK bringing an execution-risk discipline honed on-chain. This article is informational and does not constitute security or investment advice.
