CertiK Skill Scanner: The Antivirus for the AI Age

The app store moment for AI is here. Skill marketplaces are proliferating, developers are publishing third-party AI Skills at pace, and Agents are being granted access to those Skills with limited visibility into what they actually do. It is a pattern the security industry has seen before: adoption outpaces scrutiny, threat actors move in, and the infrastructure to address the problem arrives too late.

Third-party AI Skills can read and transmit user data, initiate financial transactions, execute shell commands, and interact with file systems. In many cases, users and enterprises have no reliable way to know whether a Skill is doing what it claims. The audit mechanisms common in mature software ecosystems, such as code signing, app review processes, and behavioral sandboxing, have not yet been systematically applied to AI Skills. CertiK Skill Scanner is built to change that.

How It Works

The scanner evaluates five risk categories that cover the most consequential failure modes: malicious behavior, data exfiltration, unauthorized network activity, shell execution, and file system misuse. Data exfiltration covers scenarios where a Skill silently transmits user information to an external server. Unauthorized network activity captures Skills making outbound connections beyond their declared scope. Shell execution and file system misuse address cases where a Skill attempts to run system-level commands or access files outside its permissions.

It accepts a GitHub repository, URL, or ZIP file as input and returns a scored assessment from 0 to 100, with pass, warn, or fail verdicts and a findings list organized by severity. The severity breakdown gives developers and security teams the context to prioritize and remediate effectively. The system achieves up to 90.5% precision in identifying security risks.

Beyond Static Code Analysis

A key design decision is the focus on execution-stage risks rather than static code analysis alone. Many scanning tools evaluate source code in isolation, which misses risks that only emerge when a Skill actually runs, particularly in contexts involving financial transactions and fund calls. This is especially relevant as AI Agents take on more autonomous roles in financial and enterprise environments.

Who It’s For

AI Skill marketplaces can integrate the scanner directly into their publishing pipelines, automatically reviewing Skills before they go live and surfacing CertiK's verdict as a trust signal for end users. Enterprises can deploy it as part of compliance and risk management workflows before any third-party Skill enters a production environment. Independent developers can self-audit before submission, resolving issues proactively rather than after deployment. A roadmap expansion will bring direct scanning access to everyday users as well.

The scanner spans both Web3 and traditional Web2 ecosystems. Wherever a Skill can access user data or act autonomously, the same security standards should apply.

CertiK's Broader AI Security Push

CertiK Skill Scanner follows the AI Auditor initiative launched earlier this year and draws on nearly a decade of security tooling built for blockchain protocols and smart contracts, environments where code executes autonomously and errors can be irreversible. The challenges of securing AI Skills share structural similarities with those earlier problems: autonomous execution, limited user visibility, and complex third-party dependencies. CertiK Skill Scanner applies that experience to a rapidly growing new domain.

FAQs

What is CertiK Skill Scanner?

CertiK Skill Scanner is a security solution that evaluates third-party AI Skills before execution, identifying risks such as malicious behavior, data exfiltration, unauthorized network activity, shell execution, and file system misuse. It returns a scored result from 0 to 100, with pass, warn, or fail verdicts.

Who is CertiK Skill Scanner designed for?

The scanner is built for AI Skill marketplaces, enterprises, and independent developers, with plans to expand access directly to everyday users. It covers both Web3 and traditional Web2 ecosystems.

How accurate is CertiK Skill Scanner?

The scanner achieves up to 90.5% precision in identifying security risks, helping reduce false positives and improve the reliability of risk determinations.

How does CertiK Skill Scanner differ from generic AI scanning tools?

CertiK Skill Scanner is specifically designed to evaluate risks that emerge during actual execution, including scenarios involving financial transactions and fund calls, a category of risk that generalized scanning tools do not typically address.

What file types does CertiK Skill Scanner accept?

The scanner accepts a GitHub repository, URL, or ZIP file as input, making it straightforward to integrate into existing development and publishing workflows.
