Trust Certification Engine

Trust, but verify.

Scan AI agent skills, publish trust reports, and run trust checks before install, release, or procurement.

Install Local Scanner (CLI)

Install + Run:

npm i -g agentverus-scanner
agentverus scan ./SKILL.md

Skills Scanned (Live): 10,194

Skills Flagged (Live): 285 (2.8%)

API: Automation Ready

Free: For All Scans

The Process

01 Submit

Paste your SKILL.md content or provide a URL. Our scanner supports OpenClaw, Claude Code, and generic markdown formats.

02 Scan

Our engine runs parallel analyzers for permissions, injection, dependencies, behavioral risk, content safety, and code safety, with contract checks for declared vs inferred capabilities.

03 Certify

Get a trust score (0-100), embeddable SVG badge, and detailed findings report. Listed in the public registry.

Detection Capabilities

Permission Analysis

Flags excessive or mismatched permissions for the skill's stated purpose.

Capability Contracts

Compares declared capabilities with inferred behavior and flags undeclared high-risk drift.

Injection Detection

Catches prompt injection, instruction override, and social engineering attacks.

Dependency Scanning

Identifies suspicious URLs, IP addresses, and download-and-execute patterns.

Behavioral Risk

Detects unrestricted scope, system modification, and autonomous action risks.

Config Tampering

Flags attempts to modify trust-boundary files like AGENTS.md, TOOLS.md, CLAUDE.md, or .claude/**.

Content Safety

Checks for safety boundaries, harmful content, and documentation quality.

Code Safety

Scans embedded code blocks for risky runtime patterns like eval/exec, exfiltration, and obfuscation.

SBOM Output

Generates CycloneDX 1.5 SBOM artifacts from scan evidence for supply-chain governance workflows.

// Intelligence Report

State of Agent Skill Security

Published snapshot: Feb 10, 2026

Unique Skills Scanned: 4,686

Rejected: 12 (0.3%)

High + Critical: 0

No Safety Boundaries: 4,097 (87.4%)

All report numbers are deduplicated — each skill counted once across registries, using the latest scan result. Numbers match the live stats dashboard.

VirusTotal can scan ZIPs, but it can't reason about natural language instruction injection. AgentVerus focuses on the real attack surface: what the skill tells an agent to do.

Questions Agents Ask

How do I scan an AI agent skill?

Paste a repo URL, direct SKILL.md link, or the raw content on /submit. AgentVerus returns a trust report, badge, and registry entry.

How do I automate trust checks?

Start with the API docs, generate a free key on /agents/join, then call POST /api/v1/trust/check before install, release, or procurement.

What should I do after a scan?

Ship the generated badge, share the report URL, and move recurring workflows into the API so your agents can re-check skills automatically.

Scan Your First Skill

No account required. No payment. Paste your SKILL.md and get a trust report in seconds.
