CertiK Skill Scanner Brings Standardized Security Review to Third-Party AI Skills

NEW YORK, May 28, 2026 (GLOBE NEWSWIRE) -- CertiK today launched CertiK Skill Scanner, a security product that evaluates third-party AI Skills before execution. The launch addresses a growing gap in AI Skill ecosystems: as marketplaces scale and Agents are granted access to more third-party tools, the security infrastructure around those Skills has not kept pace with adoption.

A New Attack Surface

Third-party AI Skills occupy a position of significant trust. They can access user data, initiate financial transactions, execute shell commands, and interact with file systems, often without any standardized review before deployment. The mechanisms that govern trust in mature software ecosystems, app review processes, behavioral sandboxing, and code signing, have not been systematically applied to AI Skills. CertiK Skill Scanner introduces that gatekeeping layer, evaluating Skills before they reach users, enterprises, or production environments.

How The Scanner Works

CertiK Skill Scanner evaluates five risk categories: malicious behavior, data exfiltration, unauthorized network activity, shell execution, and file system misuse. It accepts a GitHub repository, URL, or ZIP file as input and returns a scored assessment from 0 to 100, with pass, warn, or fail verdicts and a severity-ranked findings list. The system achieves up to 90.5% precision in identifying security risks.

A defining feature is the scanner's focus on execution-stage risks rather than static code analysis alone. Risks involving financial transactions and fund calls often only surface when a Skill is actually running, a scenario that conventional source code review tools are not designed to catch. CertiK Skill Scanner is built to evaluate those dynamic scenarios, making it particularly relevant for enterprises and platforms where AI Agents operate with financial autonomy.

Deployment Across Marketplaces, Enterprises, and Developers

The product is designed for three primary contexts. AI Skill marketplaces can embed the scanner into their publishing pipelines, reviewing Skills automatically before they go live and surfacing CertiK's verdict as a trust signal for end users. Enterprises can deploy it as a repeatable compliance process before any third-party Skill enters a production environment. Independent developers can self-audit before submission, catching and resolving issues proactively. Everyday user access is planned for a future release.

The scanner covers both Web3 and traditional Web2 ecosystems. The underlying risks, unauthorized data access, malicious execution, and network abuse, are not ecosystem-specific, and the product's scope reflects that.

Part of CertiK's Broader AI Security Push

CertiK Skill Scanner follows the AI Auditor initiative launched earlier this year and represents the company's extension of nearly a decade of blockchain and smart contract security experience into the AI domain. Smart contract environments share structural characteristics with AI Skill ecosystems: code executes autonomously, user visibility is limited, and the consequences of a security failure can be immediate and irreversible. CertiK Skill Scanner applies the same security rigor developed in those environments to a rapidly growing new category of risk.

About CertiK

Headquartered in New York and founded in 2017 by professors from Yale University and Columbia University, CertiK is the largest Web3 security services company. CertiK applies academic-grade technical rigor to the security challenges facing Web3 and AI ecosystems. The company offers full-lifecycle risk management solutions, including blockchain infrastructure assessments, smart contract audits, formal verification, penetration testing, custody architecture reviews, and compliance support. CertiK works closely with regulators and financial institutions across multiple jurisdictions, contributing to policy development and regulatory consultation efforts. To date, CertiK has partnered with more than 5,000 enterprise clients worldwide, including Binance, Ant Group, and leading banks across Europe and Singapore.

Media contact:
Elisa Yiting Xu
yiting.xu@certik.com