The researchers from CertiK, a renowned blockchain security entity, have recently uncovered a crucial security lapse in the latest AI agent networks. Hence, the new report from CertiK’s lead researcher, Guanxing Wen, warns against the insufficiency of just skill scanning when it comes to ensuring safety.
Excellent work by our security researcher Guanxing Wen (@hhj4ck) highlighting an important gap in AI agent security.Scanning skills or warning popups aren’t enough—without proper runtime permissions and sandboxing, a single missed review could compromise the entire host.
— CertiK (@CertiK) March 16, 2026
As CertiK mentioned in its official press release, a legitimate 3rd-party “Skill” could circumvent moderation checks on the OpenClaw platform. The malicious Skill was even capable of executing arbitrary commands via the host system, irrespective of passing diverse review layers.
CertiK Uncovers Deficiency of AI Skill Detection and Review System in Securing AI Agent Marketplaces
As CertiK’s analysis discloses, Clawhub, the AI agent marketplace of OpenClaw, depends on a multi-layered pipeline of reviews, including unchangeable code scanning, AI-led moderation, and VirusTotal checks. Though these mechanisms focus on identifying malicious behavior, CertiK’s researchers found that prudently structured logic and minute code modifications can conveniently circumvent detection.
In several cases, Skills that seem benign during the process of installation may contain manipulable vulnerabilities concealed within normal workflows.The research stresses the inherent limitation of static detection methods.
Just like conventional cybersecurity tools such as web app firewalls or antivirus software, pattern-based identification can be circumvented via minor code structure variations. Additionally, while artificial intelligence (AI) moderation enhances detection with the analysis of inconsistencies and intent, it is still deficient at unearthing deeply integrated vulnerabilities.
Blockchain Security Platform Recommends Runtime-Based Security and Resilient Skill Isolation
According to CertiK, its proof-of-concept has further disclosed a flaw in the handling of pending security audits. Specifically, Skills could reportedly become openly installable and available even at a time when VirusTotal results appear incomplete.
Keeping this in view, CertiK’s study encourages the enhancement of detection rather than relying on user warnings and marketplace reviews. As a result, without solid runtime protection, even a single overlooked vulnerability can result in compromise of the whole host environment.
Amid the wider growth of AI ecosystems, CertiK pushes toward the adoption of runtime-based security frameworks, enhanced 3rd-party Skills isolation, and stringent permission controls. So, comprehensive security will rely on establishing mechanisms that assume some threats to bypass review to ensure the containment of such threats ahead of any harm.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
