CertiK launched Skill Scanner to establish a standardized security review layer for AI Agent applications

2026/05/30 01:20
👤ODAILY

On 27 May, CertiK, the world's largest Web3 security company, officially launched the “CertiK Skill Scanner”, a security scanner for Skills in the AI Agent ecosystem, known in the industry as “antivirus software for the AI age”.

As AI Agents become more deeply integrated into the financial system, business workflows and daily digital interactions, the security risks behind them are emerging. On May 27, CertiK, the world's largest Web3 security company, officially launched the “CertiK Skill Scanner”, a Skill security scanning product for the AI Agent ecosystem, known in the industry as the “antivirus software of the AI age”.

The product is understood to be aimed primarily at AI Skill marketplaces, businesses and independent developers. It aims to establish a standardized security review mechanism for AI Skills before they are executed, in order to identify potential malicious behavior, data leakage, unauthorized access and autonomous execution risks in third-party AI Skills.

Filling the AI security gap: pre-execution security validation

Currently, AI Agents are gradually acquiring the ability to read data, access external systems, execute code and even initiate digital asset transactions, but the industry lacks a unified “pre-execution security certification” mechanism. As AI applications open up their ecosystems faster and plugin ecosystems expand rapidly, the trustworthiness of third-party Skills is beginning to gain market attention.

CertiK co-founder and CEO Ku points out that every major technological change creates a window period during which security is the key to success or failure. "We have seen this in the area of blockchain, and now again in the area of AI Agents."

He stated that AI Agents are gradually entering the financial system, business processes and wider digital scenarios, and that security certification of third-party Skills will be an important part of AI infrastructure. The security system of the future AI era requires an “active defence” capability, rather than a reactive response once risks arise.

Unlike traditional generic AI scanning tools, CertiK Skill Scanner's design focus is not limited to static code analysis; it is better able to assess the risks that may arise during actual execution. This is particularly critical in the context of money transfers and financial transactions, as many risks are exposed only when a Skill actually runs.

Five core risk categories and a precise rating system

CertiK Skill Scanner is described as supporting the upload of AI Skills via GitHub repository, URL or ZIP file, and as testing them against five core risk categories:

  • Malicious behavior detection: detects potentially destructive or hidden malicious behavior
  • Data leakage risk assessment: covers a Skill silently transmitting user information to external servers
  • Unauthorized network activity: captures external connections beyond what the Skill declares
  • Shell execution permission review: checks the risk of a Skill trying to run system-level commands
  • File system misuse detection: prevents a Skill from accessing files outside its authority

CertiK states that the system currently has a 90.5 per cent risk recognition accuracy, which effectively reduces false positives and enhances the reliability of AI Skill risk assessment. Each scan generates a security rating of 0 to 100, along with risk findings and a classification report such as “Pass / Warn / Fail”.

Broad cross-ecosystem applications and industry validation

CertiK Skill Scanner applies to both the Web3 ecosystem and the traditional Web2 market. Its target audience covers all types of AI Skill users:

  • AI Skill marketplaces: can integrate it directly into the release process, automatically run security checks before a Skill goes online, and display CertiK security assessments as a trust signal for users choosing a Skill
  • Enterprise users: can use it as part of internal compliance and risk management workflows to assess third-party AI Skills before they enter the production environment
  • Independent developers: can use the tool for self-auditing prior to a Skill release to proactively address security issues
  • General public: CertiK plans to open direct access in future product updates to enable individual users to scan a Skill before installation or use

Currently, the product has first been applied in selected Web3 AI Agent ecosystems. Pieverse has integrated CertiK Skill Scanner into its AI Agent Skill store as a security check mechanism before a Skill goes online and before it is called. Pieverse CEO Colin states: “Skill, Agent ecosystems can only be scaled up if users and builders trust the Skill, Agent ecosystems implemented by Agent.”

In addition, CertiK is promoting cooperation with additional AI Skill platforms such as FinChip.ai. FinChip.ai incubation investor Gary Yang says, “Trust is the central prerequisite for any ‘Skill economy’ to operate at scale. The Skill Security Certification Mechanism being advanced by CertiK is the critical infrastructure currently missing in this ecosystem and makes FinChip's concept of programmable Skill ownership and distribution more relevant.”

Extended security infrastructure: from Web3 to AI

Founded in 2017, CertiK is currently the world's largest Web3 security company. The company has provided services to over 5,000 business clients, including François, Ant Group, etc. Today, this institution, which has built up deep experience in blockchain infrastructure assessment, code auditing and compliance, is extending its security experience to AI to provide underlying security support for the rapidly evolving AI Agent ecosystem.

The launch of Skill Scanner is also seen as an important move by CertiK to keep expanding its AI security footprint, following the release of AI Auto in April this year. Within the industry, as AI Agents gradually develop capabilities for code execution, system access and asset operations, the core issue of AI security is extending from the model itself to “execution-layer security” and “third-party Skill trustworthiness”. A new generation of security infrastructure, including CertiK Skill Scanner, will be an essential part of the AI Agent ecosystem's move toward large-scale application.
