TL;DR: CertiK’s new Skill Scanner acts as a behavioral antivirus for third-party AI skills, scoring them 0-100 across five risk categories with 90.5% precision. As AI agents grow autonomous, verifying identity becomes as critical as verifying code — which is where .PROMPT domains create a trust layer.
The App Store Moment for AI
Remember when you first downloaded a third-party app on your smartphone without thinking twice? That moment is repeating — but this time, AI agents are doing the downloading. Skill marketplaces are exploding with plugins and capabilities that agents can invoke autonomously. The problem? Those skills can read your data, initiate financial transactions, execute shell commands, and interact with your file system — all without your knowledge. Until today, there was no systematic way to audit what they actually do.
Enter CertiK’s Skill Scanner
On May 27, 2026, CertiK launched Skill Scanner — a tool the company calls “the antivirus for the AI age.” It’s the first behavioral security scanner purpose-built for third-party AI skills, and it arrives not a moment too soon. While previous tools could inspect static code, Skill Scanner focuses on execution-stage risks: the real-time behaviors that matter when an agent moves money, accesses a database, or sends a network request.
The scanner evaluates every skill across five risk categories:
- Malicious behavior — intentionally harmful actions
- Data exfiltration — unauthorized transmission of sensitive data
- Unauthorized network activity — connections to unknown endpoints
- Shell execution — running arbitrary system commands
- File system misuse — reading, writing, or deleting files
Users can submit a GitHub repo, URL, or ZIP file. Within seconds, Skill Scanner returns a scored assessment from 0 to 100 with a clear pass/warn/fail verdict. In testing, it achieved 90.5% precision in identifying security risks.
Why Execution-Stage Auditing Matters
Static code analysis can catch some vulnerabilities, but it misses the behaviors that emerge at runtime. A skill might appear benign in its source code but exfiltrate data only when triggered by a specific user request — or worse, when operating autonomously. CertiK’s focus on execution-stage risks addresses the most dangerous scenarios: financial transactions, credential access, and multi-step agent orchestrations.
This isn’t just for Web3. Skill Scanner works across Web2 and Web3 environments, making it relevant for everything from enterprise automation to decentralized agent marketplaces. It follows CertiK’s earlier AI Auditor launch earlier this year, establishing a growing suite for AI security.
The Missing Piece: Verifiable Identity
Security scanners solve one problem — behavior validation — but another gap remains: identity. How do you know the agent you’re interacting with is who it claims to be? CertiK can tell you a skill is safe, but if the agent itself can be impersonated, the trust chain breaks.
That’s where .PROMPT domains come in. An AI agent running on agent.prompt carries a verifiable digital identity that can be checked at a glance. CertiK scans the behavior; .PROMPT anchors the identity. Together, they create a trust layer that lets enterprises and consumers deploy autonomous agents with confidence.
What This Means for the Future of AI Agents
We’re heading toward a world where AI agents handle financial transactions, manage supply chains, and even represent humans in negotiations. In that world, security isn’t a feature — it’s the foundation. CertiK’s Skill Scanner provides a much-needed shield, but identity infrastructure is what ensures the agent you’re trusting has the right name and reputation.
For developers building on skill marketplaces, for enterprises deploying internal AI agents, and for anyone who wants to stay ahead of the curve, the message is clear: secure your code, but also secure your identity.
Want to future-proof your AI agent? Secure its digital identity with a .PROMPT domain. Start your free trial today at promptdomains.ai.
Leave a Reply