CertiK 推出 Skill Scanner，为 AI Agent 应用建立标准化安全审查层

As AI agents become increasingly integrated into financial systems, enterprise workflows, and daily digital interactions, the underlying security risks are gradually coming to light. On May 27th, CertiK, the world's largest Web3 security company, officially launched the "CertiK Skill Scanner," a security scanning product for the AI agent ecosystem, hailed by the industry as "antivirus software for the AI era."

It is understood that this product is primarily aimed at AI skill marketplaces, enterprises, and independent developers. Its goal is to establish a standardized security review mechanism for AI skills before execution, used to identify potential malicious behaviors, data leaks, unauthorized access, and autonomous execution risks within third-party AI skills.

Filling the AI Security Gap: Pre-Execution Security Verification

Currently, AI agents are gradually gaining capabilities such as reading data, calling external systems, executing code, and even initiating digital asset transactions. However, the industry still lacks a unified "pre-execution security verification" mechanism. Against the backdrop of accelerating open ecosystems for AI applications and the rapid expansion of plugin ecosystems, the trustworthiness of third-party skills is beginning to garner market attention.

CertiK Co-founder and CEO Ronghui Gu pointed out that every major technological change creates a window of opportunity where security is the key to success or failure. "We've seen this in the blockchain space, and now we're seeing this trend again in the AI agent field."

He stated that AI agents are gradually entering financial systems, enterprise workflows, and a broader range of digital scenarios. Security verification for third-party skills will become a crucial component of AI infrastructure. The security system of the future AI era needs to possess "proactive defense" capabilities, rather than passively responding after risks occur.

Unlike traditional general-purpose AI scanning tools, the design focus of CertiK Skill Scanner extends beyond static code analysis, enabling it to assess risks that may arise during actual execution. This is particularly critical in scenarios involving fund calls and financial transactions, as many risks only become apparent when the skill is running.

Five Core Risk Categories and Precise Scoring System

According to the introduction, CertiK Skill Scanner supports uploading AI skills via GitHub repository, URL, or ZIP file, and conducts detection around five core risk categories:

• Malicious Behavior Detection: Detects potentially destructive or hidden malicious operations
• Data Leak Risk Assessment: Covers scenarios where skills silently transmit user information to external servers
• Unauthorized Network Activity: Captures outbound connection behaviors beyond the scope declared by the skill
• Shell Execution Permission Review: Identifies risks of skills attempting to run system-level commands
• File System Abuse Detection: Prevents skills from accessing files outside their permissions

CertiK stated that the system currently achieves a risk identification accuracy of 90.5%, effectively reducing false positives and enhancing the reliability of AI skill risk assessment. Scan results generate a security score from 0 to 100, accompanied by risk outcomes like "Pass / Warn / Fail" and a tiered issue report.

Broad Cross-Ecosystem Application and Industry Validation

CertiK Skill Scanner is applicable to both the Web3 ecosystem and traditional Web2 markets. Its target audience encompasses all users of AI skills:

• AI Skill Marketplaces: Can be directly integrated into the publishing workflow to automatically conduct security reviews before skills go live, displaying CertiK's security assessment as a trust signal for users' selection
• Enterprise Users: Can use it as part of internal compliance and risk management workflows to assess third-party AI skills before they enter production environments
• Independent Developers: Can use the tool for self-auditing before publishing skills, proactively addressing security issues
• General Public: CertiK plans to open direct access in future product updates, allowing individual users to scan skills before installation or use

Currently, the product has been first applied in some Web3 AI agent ecosystems. Pieverse has integrated CertiK Skill Scanner into its AI Agent Skill Store as a security review mechanism before skills are launched and invoked. Colin, CEO of Pieverse, stated: "Only when users and builders trust the skills executed by agents can the agent ecosystem scale."

Additionally, CertiK is advancing cooperation with more AI skill platforms like FinChip.ai. Gary Yang, Incubation Investor at FinChip.ai, commented: "For any 'Skill Economy' to operate at scale, trust is the most core prerequisite. The skill security verification mechanism CertiK is advancing is precisely the critical infrastructure currently missing from this ecosystem, and it also makes FinChip's vision of programmable skill ownership and distribution more practically relevant."

Extending Security Infrastructure: From Web3 to AI

Established in 2017, CertiK is currently the largest Web3 security company globally. It has served over 5,000 enterprise clients, including Binance and Ant Group. Now, this institution with deep expertise in blockchain infrastructure assessment, code auditing, and compliance is further extending its security experience into the AI field, providing foundational security support for the rapidly evolving AI agent ecosystem.

The launch of Skill Scanner is also seen as an important move for CertiK to continuously expand its AI security landscape, following the release of AI Auditor in April this year. In the industry's view, as AI agents gradually gain capabilities for code execution, system calls, and asset operations, the core issues of AI security are shifting from the model itself towards "execution layer security" and "third-party skill trustworthiness." New-generation security infrastructure, including the CertiK Skill Scanner, may well become an indispensable part of the AI agent ecosystem's journey towards large-scale application.