CertiK Skills: Bringing Blockchain Security Intelligence Into AI Agents

CertiK has released a collection of open-source AI agent skills that integrate blockchain security data directly into tools such as Claude Code, Codex, and Cursor. No complex setup, no external dependencies beyond Python 3.10+, and three of the four skills require zero authentication.

Why This Matters

AI coding agents are increasingly used for Web3 development and research. But until now, getting on-chain security signals into those workflows has meant leaving the agent, manually hitting an API, and switching context. CertiK Skills closes that gap — letting agents query wallet risk, transaction traces, project scores, and token contract analysis in natural language or via simple commands.

The result: security intelligence becomes a native part of the development and investigation workflow, not an afterthought.

What Is CertiK Skills?

CertiK Skills is a repository of production-ready skill modules that connects AI agents to CertiK's security infrastructure. Each skill is:

  • Self-contained — one folder, no dependency hell
  • Agent-native — includes a SKILL.md that tells agents when and how to invoke it
  • Immediately usable — CLI scripts work out of the box with the Python standard library

The repository ships four skills covering the most common Web3 security workflows.

The Four Skills

SkyInsights: Wallet & Transaction Risk Intelligence

SkyInsights connects agents to CertiK's AML and compliance API. Given a wallet address or transaction hash, it returns risk scores, entity labels, and compliance screening results across 19 chains.

What it covers:

  • KYA (Know Your Address): risk score and entity attribution for a wallet
  • KYT (Know Your Transaction): risk analysis for a specific transaction hash
  • AML Screening: full compliance check against sanctions and high-risk entity lists
  • Labels: on-chain entity tags (exchange, mixer, hacker, etc.)

Supported chains include Bitcoin, Ethereum, BSC, Solana, Tron, Polygon, Base, Arbitrum, Optimism, and more. This is the only skill that requires credentials (SKYINSIGHTS_API_KEY and SKYINSIGHTS_API_SECRET), obtainable at skyinsights.certik.com.

Natural language works: "Is 0xAb58...eC9B risky?" or "Run AML screening on this address" — the agent handles the rest.

Skylens: EVM Transaction Forensics

Skylens is built for deep transaction investigation on EVM chains. Given a transaction hash, it pulls execution traces, balance changes, storage state deltas, and source code — the toolkit you'd reach for when dissecting an exploit or tracing fund flows.

What it covers:

  • Execution trace with call depth and opcode context
  • Native, token, and NFT balance changes per address
  • Storage slot diffs before and after a transaction
  • Contract source file enumeration and retrieval

No API key required. Supported chains include Ethereum, BSC, Polygon, Base, Arbitrum, Optimism, Avalanche, Blast, Scroll, Linea, Sonic, and more.

The recommended workflow starts with get-trace to map the call graph, then drills into suspicious contracts with list-source-files and state-change. This is the skill for incident response and post-mortem analysis.

Skynet Score: Project Security Ratings

Skynet Score gives agents access to CertiK's public project rating data. Search by project name, get the overall Skynet score and tier, and break down component scores across six dimensions.

Score dimensions: Code Security, Community, Fundamentals, Governance, Market, Operations.

No authentication needed. Works with any project indexed by CertiK Skynet — query by keyword, and the agent handles candidate matching. If multiple results come back, it surfaces the best candidates rather than guessing.

Use this when vetting a DeFi project, comparing security postures, or building automated due diligence workflows.

Token Scan: Contract-Level Risk Analysis

Token Scan runs CertiK's token contract analyzer on any supported chain and returns a structured risk report: overall score, alert list prioritized by severity, holder concentration signals, LP lock status, and buy/sell tax data.

What it covers:

  • Risk score and alert count
  • Alerts ordered Critical → Major → Medium → Minor (up to 8 shown)
  • Holder concentration and LP lock signals
  • Real buy/sell tax values from on-chain data

No authentication required. Supported chains: BSC, Ethereum, Solana, Arbitrum, Base, Polygon, Avalanche, Tron, TON, Sui, and Plasma.

This is the fastest way to sanity-check a token contract before interacting with it — whether you're a developer integrating a new asset or a researcher flagging honeypot risk.

Quick Start

Install all skills in one command:

npx skills add certikdev/skills

Or clone and copy selectively:

git clone https://github.com/certikdev/skills.git

# Claude Code
cp -R skills/skills/skyinsights ~/.claude/skills/
cp -R skills/skills/token-scan  ~/.claude/skills/

Agent         Skill Directory
Claude Code   ~/.claude/skills/
Codex         ~/.codex/skills/
Cursor        ~/.cursor/skills/

For SkyInsights, add credentials to your environment:

SKYINSIGHTS_API_KEY=your_key
SKYINSIGHTS_API_SECRET=your_secret

Who Should Use CertiK Skills

Web3 developers building on-chain applications: run Token Scan and Skynet Score as part of your integration checklist before going live.

Security researchers and auditors: Skylens gives you transaction forensics without leaving your agent. Trace exploits, map call graphs, and inspect storage diffs in one workflow.

Compliance and risk teams: SkyInsights brings AML screening and entity attribution into any agent-driven workflow, covering 19 chains with no manual API calls.

Web3 research analysts: Skynet Score and Token Scan provide fast, structured signals for project vetting and portfolio monitoring.

Frequently Asked Questions

What are CertiK Skills?

CertiK Skills are open-source AI agent modules that connect coding agents (Claude Code, Codex, Cursor) to CertiK's blockchain security APIs. They enable wallet risk scoring, transaction forensics, project rating lookups, and token contract analysis — all from within an agent workflow.

Do CertiK Skills require an API key?

Only SkyInsights requires authentication (SKYINSIGHTS_API_KEY and SKYINSIGHTS_API_SECRET). Skylens, Skynet Score, and Token Scan all use public endpoints — no credentials needed.

Which blockchains do CertiK Skills support?

Coverage varies by skill. SkyInsights covers 19 chains, including Bitcoin, Ethereum, Solana, BSC, Tron, and Base. Skylens supports 16 EVM chains. Token Scan covers 11 chains, including Solana, Sui, TON, and Tron. Skynet Score works with any project indexed in CertiK Skynet.

What is the difference between SkyInsights and Token Scan?

SkyInsights operates at the wallet and transaction level — it assesses address risk, entity labels, and AML compliance. Token Scan operates at the contract level — it analyzes a token's code, holder structure, LP locks, and tax behavior. They answer different questions and complement each other.

What is CertiK Skylens used for?

Skylens is a transaction forensics tool for EVM chains. It returns execution traces, balance and storage changes, nonce deltas, and contract source code for a given transaction hash. It's primarily used for exploit post-mortems, on-chain investigation, and debugging complex DeFi interactions.

What does the Skynet Score measure?

The CertiK Skynet Score is a composite project security rating covering six dimensions: Code Security, Community, Fundamentals, Governance, Market, and Operations. Scores are publicly accessible and updated by CertiK's automated monitoring system.

How do I run AML screening on a wallet using an AI agent?

With SkyInsights installed and credentials configured, ask your agent in natural language: "Run AML screening on 0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B on ETH." The agent invokes the SkyInsights skill automatically and returns a compliance report.

How do I check if a token is a honeypot?

Use the Token Scan skill. It returns buy/sell tax data, holder concentration, and LP lock status — the primary signals for honeypot detection. Run: python3 scripts/token_scan.py --chain bsc --contract 0x... or ask your agent directly.

Are CertiK Skills open source?

Yes. The repository is published under the MIT License at github.com/certikdev/skills.

What AI agents are supported?

CertiK Skills are designed to work with Claude Code, OpenAI Codex, and Cursor. Any agent that supports the skills directory convention can use them.
