"CertiK has scanned": A security pass in the wave of AI skills.

Using Skills to drive institutional adoption, CertiK establishes a secure entry layer for the AI era.

Author: Deep Tide TechFlow

Introduction

According to the official ClawHub website, there are currently over 67,300 Skills on the platform waiting for users to choose and install. Earlier this year, this number was less than 10,000.

The explosion of Skills has driven the continuous upgrade of Agent capabilities and permissions: reading files, invoking Shell, triggering asset operations… When you authorize a Skill, your Agent effectively gets the keys to take over your digital world.

With the prosperity of supply, security blind spots are also continuously widening: Snyk's statistics on nearly 4,000 Skills found that 13.4% have critical security issues, 36.8% have security flaws, and 76 are confirmed to contain malicious payloads.

While risks are real, we often see this statement in many official documents from Skill platforms:

Third-party Skills are unverified, use at your own risk.

This may be a helpless measure to avoid risks, but it is by no means the fundamental solution to the problem.

Before AI starts performing tasks for people, we need a "standardized security entry layer" for Skills:

  • Let the platform know which Skills can be listed
  • Help enterprises understand what kind of Skills can be integrated into their internal environment
  • Make it clear to users whether this Skill can be safely downloaded and authorized for use

In May 2026, with the launch of the security scanning tool CertiK Skill Scanner for the AI Agent ecosystem, we see substantial progress in addressing this pain point.

This is what AI era Skill "antivirus software" looks like

CertiK's official definition of CertiK Skill Scanner is: a standardized security entry layer built for Skill applications in the AI era.

By comparison, the community offers a simpler and clearer summary of CertiK Skill Scanner: AI Skill antivirus software.

This is easy to understand: before use, a security judgment mechanism scans the Skills, filtering and identifying potential risks and providing feedback to users.

Traditional antivirus software checks programs running on computers, while CertiK Skill Scanner checks Skills invoked by AI Agents.

The market has no shortage of ordinary scanners, but existing products each have blind spots: Web2 antivirus software cannot defend against on-chain hackers, and traditional Web3 auditing firms focus on static code, lacking deep involvement in dynamic AI invocation flows.

The differentiation of CertiK Skill Scanner lies in its coverage of the execution process:

It provides comprehensive Web2/Web3 protection against five major risk dimensions: malicious activities, data leaks, unauthorized network calls, Shell access, and file system abuse, especially focusing on financial execution risks involving fund invocation.

Not only does it cover the execution process, but it also achieves an accuracy rate of 90.5%, which is crucial for users, particularly institutional users, in financial execution scenarios, allowing CertiK Skill Scanner to truly be integrated into security processes as the "standardized security entry layer for AI Skills".

This dynamic defense capability for financial-grade scenarios has also enabled CertiK Skill Scanner to quickly gain favor from Skill platforms with high security requirements right from its launch.

Currently, the Web3 AI Agent infrastructure platform Pieverse has taken the lead in completing integration, embedding CertiK Skill Scanner into its AI Agent Skill Store. Core Skills such as "BNB Chain MCP" have adopted this standardized security review mechanism, which screens potential security risks before users or Agents actually invoke them.

Regarding this cooperative integration, Pieverse CEO Colin stated:

Only when users and builders trust the Skills performed by Agents can the Agent ecosystem achieve scaled development. Pieverse is committed to building an infrastructure that enables Agents to conduct transactions securely. The inclusion of CertiK Skill Scanner provides a crucial validation layer to enhance the security and reliability of Agent Skills.


Meanwhile, cooperation with more AI Skill platforms, such as FinChip.ai, is also progressing rapidly. Gary Yang, an investor in FinChip.ai, stated:

Any "Skill economy" aiming for scaled operation must be built on trust as the core premise. The Skill security verification mechanism being advanced by CertiK is the crucial infrastructure currently lacking in this ecosystem and makes FinChip's ideas on programmable Skill ownership and distribution more feasible.

In contrast to the multi-track progress of platform cooperation, the client side for ordinary individual users is still being rapidly improved.

This reveals a clear signal:

Currently, CertiK Skill Scanner tends to prioritize entering institutional and platform scenarios.

What hidden secrets lie behind this choice?

Institutional Users: A Long-planned Strategic Turn

Why focus on institutions?

The answer is obvious:

In this cycle, where "institutions" have become the main narrative, positioning for institutions is equivalent to fixing a fulcrum that can leverage the entire market.

On one hand, with the rise of on-chain finance, traditional financial institutions including asset management, banking, and custodial services are entering Web3 on a large scale, needing institutional-level security, compliance, transparency, and risk visibility tools, which is CertiK's expertise.

At the same time, under the strong influence of institutions, covering institutional users presents an efficient path of "leading by example":

Serving one bank means establishing a security benchmark for all its users; encouraging one asset management institution to adopt security standards means that these standards begin to spread among the assets and clients it manages.

This is an efficient pathway, and many projects have viewed institutional collaboration as a key indicator of future growth potential.

So why did CertiK choose CertiK Skill Scanner as the early flagship product for its "strategic shift towards institutional users"?

Many institutions have already integrated AI into their workflows, and more are on their way. According to IDC's research report, by 2027, the usage of AI Agents among Global 2000 companies is expected to increase tenfold, and API and Token invocation related to Agents will increase a thousand times.

However, when institutions invoke Skills, their biggest concern is security, especially regarding financial transactions, data breaches, and compliance risks. Once they encounter a "toxic" Skill, the consequences include huge losses and collapsed trust.

Therefore, security screening for Skills is a necessity for institutions, which aligns perfectly with the focus of CertiK Skill Scanner, particularly its specialized protection against financial execution risks, matching institutional-level security needs.

Of course, recognizing an opportunity and being able to seize it are two different things.

In terms of institutional services, CertiK is not a "newbie".

For a long time, CertiK's official website has showcased a range of audiences including Web3 projects, institutions/enterprises, exchanges/custodians, and regulatory bodies and compliance departments.

Mapping out the institutional services CertiK provides shows that a comprehensive approach spanning technology, compliance and AI has already formed.

On the technical side, it covers core needs from code auditing, penetration testing to proof of reserves, spanning from foundational security guarantees to asset transparency.

On the compliance side, VARA compliance solutions and DORA and MiCA compliance consulting services help institutions establish more robust compliance paths across different jurisdictions.

On the AI side, in addition to CertiK Skill Scanner, CertiK also launched AI Auditor in April this year, supporting direct embedding into development workflows, achieving high accuracy and low false positive rates in vulnerability detection, with precision reaching 88.6% in real security event testing, together forming the twin pillars of CertiK's AI security product line.

This comprehensive approach has attracted notable participants such as Ant Group, Binance, as well as several banks, funds, custodial institutions, and regulatory technology entities to become distinguished guests on CertiK's cooperation list.

As more institutions show interest in on-chain capabilities, CertiK has publicly stated multiple times that its service targets are rapidly shifting from Web3 projects to traditional financial institutions and regulatory compliance entities.

Of course, compared to the results of institutional collaboration, people are more curious about why institutions trust CertiK.

As a leader in the security field, CertiK truly possesses capabilities and foundations that others find hard to catch up with in a short time.

Over 5,167 clients, over 180,000 code vulnerabilities discovered, and digital assets exceeding $600 billion protected: this series of figures on CertiK's official website reflects its ten years of deep cultivation in the security domain and has propelled "Audited by CertiK" to become an important label for numerous Web3 projects seeking user trust.

Behind such industry reputation is CertiK's top-tier technical gene.

Leading CertiK's direction are two co-founders, Ronghui Gu, an associate professor of computer science at Columbia University, and Zhong Shao, a professor and department chair at Yale University, both from the world's top-ranked academic institutions.

They led the team to bring the most rigorous formal verification methodologies from academia into the Web3 security space, forging CertiK's core technical advantages, and have received official recognition from Apple five times for discovering critical vulnerabilities in iOS, iPadOS, macOS, and watchOS, strongly demonstrating that their security capabilities are not limited to the Web3 context.


Moreover, compliance is the threshold for institutional trust, and CertiK has also achieved significant results in this regard.

Currently, CertiK has completed SOC 2 Type II audits and ISO 27001 certification, which are among the most important considerations for traditional financial institutions when choosing security service providers.

In addition, CertiK has established cooperative relationships with major global regulatory bodies, including the U.S. Congress, the Monetary Authority of Singapore, the Hong Kong Special Administrative Region government, the South Korean government, Abu Dhabi Global Market, and the Japanese Financial Services Agency. Its co-founder, Ronghui Gu, was the only Web3 representative in the MAS advisory group, actively participating in the formulation and implementation of global regulatory policies.

This positions CertiK not only to provide security guarantees from a technical standpoint but also to understand what institutions truly need within regulatory and compliance frameworks.


By thoroughly reviewing technology, compliance, and experience, we will find that we cannot evaluate CertiK through a single product; what it aims to do is not limited to the Web3 space or the standardized security entry layer for AI Skills. From the outset, CertiK's goal has remained unchanged:

To become the security infrastructure of the digital economy era.

CertiK Skill Scanner is CertiK's ticket to transform ten years of security expertise into industry standards for the AI era;

and institutions are the first cornerstone of this bet.

Standing at the starting point, gaining insight into CertiK's continuous evolution

Of course, becoming the security infrastructure of the digital economy era cannot be achieved overnight.

At this time, the roadmap becomes key information for observing project strategy implementation.

Regarding the soon-to-launch CertiK Skill Scanner, the upcoming direction is obvious:

On one hand, it involves broader ecological cooperation, further allowing the security standards led by CertiK Skill Scanner to permeate more Skill platforms, making "CertiK Security Score" a standard signal for Skill listing.

On the other hand, it is about filling the ordinary user participation entry, which is a critical step for Skill Scanner to transition from "institutional tool" to "universal security layer".

Of course, we also note that even before the launch of CertiK Skill Scanner, CertiK published an article:

Skill Scanning Is Not a Security Boundary.

The article emphasized: simply relying on static scanning is not sufficient to form a complete security boundary for the era of AI Agents.

This later became the core differentiated advantage of CertiK Skill Scanner.

But the article also emphasized:

CertiK positions CertiK Skill Scanner as the first security threshold in the AI security system, aiming to ensure that third-party Skills undergo basic risk identification and security assessment before being genuinely used by platforms, enterprises, or users.

In the future, as AI Agents enter more complex real-world execution scenarios, there is abundant room for CertiK's AI security products to grow in risk identification, scoring systems, and reporting capabilities.

This almost plainly hints at CertiK's entire AI Agent security layout:

Expanding coverage to more AI scenarios beyond scanning access;

Developing more AI functionalities or products beyond AI Auditor and CertiK Skill Scanner;

Gradually building a complete security stack aimed at the AI Agent era beyond standalone tools.

And currently, CertiK Skill Scanner is just the starting point of this roadmap.

Conclusion

From what has been done in the past to what will be done in the future, this is a complete story about who guarantees security in the digital economy era.

In the past decade, CertiK has proven itself capable of backing code, contracts, and on-chain assets.

Now that AI Agents are starting to perform tasks for people, new security boundaries are emerging, and CertiK is continuing to push these boundaries:

From protecting on-chain assets to protecting AI invocations;

From institutional adoption to becoming a security foundation in the operation of the digital economy.

This is a company that has already established itself as an industry leader, leveraging a decade of accumulation to bet on the next decade's industry security standards.

Standing at the starting point of the story's next ten years, we can currently see only the strategic layout and the initial shape of the products and ecosystem.

However, this does not diminish everyone's expectation that, in the future of the digital economy, risks will "no longer be self-borne, but guaranteed by mechanisms".

"Audited by CertiK" has helped countless Web3 projects gain user trust;

Will "Scanned by CertiK" become the next passport of the AI era?

CertiK is attempting to provide the industry with a clear answer through continuous product iteration and institutional adoption.

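Disclaimer: This article represents only the personal views of the author and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If the articles or images published on this page involve infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the relevant staff of this platform will verify it.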
