CertiK Launches Skill Scanner for AI Agent Security Vetting

CertiK launched CertiK Skill Scanner on 27 May 2026, a security solution designed to evaluate third-party AI Skills and AI Agents before execution. The tool generates a 0–100 score with "pass," "warn," or "fail" verdicts and a findings list categorised by severity, claiming up to 90.5% precision in identifying security risks. The scanner addresses execution-time risks including fund calls and financial transactions across Web3 and traditional Web2 environments, targeting AI Skill marketplaces, enterprises and developers, with future updates planned for direct everyday user access. The launch responds to the emergence of AI Skill security as a threat category in 2026, marked by OWASP's publication of an Agentic Skills Top 10 and supply-chain incidents involving over 1,000 malicious agent skills distributed through public registries. Ronghui Gu, CEO and Co-Founder of CertiK, stated the product establishes "a standardized trust layer before execution, helping users and platforms identify hidden risks before sensitive data, assets, or systems are exposed." Gary Yang, Incubation Investor at FinChip.ai—one of CertiK's integration partners—said "trust is the prerequisite for any skill economy to function at scale." CertiK, a blockchain security firm, positions the scanner as an extension of its April 2026 AI Auditor initiative and its execution-risk methodology from smart contract auditing, now applied to autonomous AI systems that move value.

Product Functionality

CertiK Skill Scanner generates scored assessments ranging from 0 to 100 alongside "pass," "warn," or "fail" verdicts and a bounded findings list categorised by severity. CertiK states the system achieves up to 90.5% precision in identifying security risks, framing this metric as reducing false positives while improving reliability of AI Skill risk assessments. The product evaluates risks during actual execution rather than analysing static configuration or code syntax, focusing on scenarios involving fund calls and financial transactions. CertiK describes this execution-time evaluation as applying the same execution-risk lens it uses for smart contracts to autonomous AI Skills that can move money.

Target User Integration

The product integrates at multiple points in the AI Skill lifecycle. AI Skill marketplaces can integrate the scanner directly into publishing pipelines to automatically review Skills before they go live and display CertiK security verdicts as trust indicators for end users evaluating third-party Skills. Enterprises can deploy the tool within internal compliance and risk-management workflows to assess Skills before allowing them into production. Independent developers can use it to self-audit before publishing. CertiK states the product has been deployed within select Web3 AI Agent infrastructure environments and is advancing integrations with additional AI Skill platforms including FinChip.ai. The company plans future updates expanding direct access for everyday users to scan Skills before installation.

Market Context

Ronghui Gu framed the launch around the integration of AI agents into systems handling real value: "As AI Agents become more deeply integrated into financial systems, enterprise workflows, and everyday digital interactions, the security model around third-party Skills becomes critically important." The launch coincides with AI Skill security emerging as a threat category in 2026. OWASP published an Agentic Skills Top 10 and Cisco AI Defense released an open-source skill scanner earlier in the year. Supply-chain incidents included an attack exposing over 1,000 malicious agent skills distributed through a public skill registry, demonstrating exploitation of the "implicit trust" model where users install third-party skills without verification. CertiK's April 2026 State of Digital Asset Regulations report found infrastructure compromises drove 76% of 2025 on-chain losses by value, and the rise of autonomous agents with execution authority expands that attack surface.

CertiK's AI Security Strategy

Skill Scanner extends CertiK's push into AI-focused security infrastructure. Earlier in 2026 the company introduced its AI Auditor initiative targeting risks tied to autonomous systems and AI-driven execution. The expansion shifts CertiK's addressable market from securing smart contracts and Web3 protocols toward securing autonomous agents that act on top of them and, with Web2 scope, beyond crypto entirely. Gu described the design philosophy as proactive: "AI applications are moving toward increasingly autonomous execution, which creates a new category of security and trust challenges. We believe security infrastructure for the AI era must function proactively, not reactively. The goal is to make professional-grade security assessment accessible before execution occurs."

FAQ

What is CertiK Skill Scanner? CertiK Skill Scanner is a security product launched on 27 May 2026 that evaluates third-party AI Skills and AI Agents for hidden risks before they execute. It generates a 0–100 score with "pass," "warn," or "fail" verdicts and a severity-categorised findings list, and is designed to work across both Web3 and traditional Web2 environments. CertiK claims up to 90.5% precision in identifying security risks.

Who is it for? The product targets AI Skill marketplaces, enterprises and developers. Marketplaces can integrate it into publishing pipelines and display its verdicts as trust indicators; enterprises can use it for internal compliance and risk management; and developers can self-audit Skills before publishing. CertiK plans to expand direct access to everyday users in future updates.

How does it differ from general AI scanning tools? According to CertiK, Skill Scanner evaluates risks that emerge during actual execution—including scenarios involving fund calls and financial transactions—rather than only analysing static code or configuration. This execution-time focus reflects CertiK's background in smart contract and blockchain security.
