Mondoo Inc. has launched Mondoo AI Skills Check, a free security tool aimed at reducing the risks associated with AI agent skills. The service allows users to analyze AI agent skills for security threats before installation.
As organizations increasingly adopt agentic AI, the use of third-party skills introduces significant, often unaddressed, security risks. Malicious skills, capable of accessing sensitive credentials and systems, are becoming a new layer of software supply chain risk that traditional security tools miss.
Mondoo AI Skills Check is designed to be agent-agnostic, analyzing skills from various sources, including ClawHub and Skills.sh, across popular AI development environments. It offers a detailed comparison of a skill's stated function versus its actual behavior using deep code and behavioral analysis.
The tool scrutinizes AI agent skills across four security layers: Pattern Match for known threats, ML Classifier for novel threats, Semantic Analysis for misleading claims, and Deep Inspection for permission and behavior verification. Each assessment is scored using the Common Vulnerability Scoring System (CVSS) and comes with detailed findings.
"We built AI Skills Check to close that gap, so organizations can see real risks before a skill even gets access to your systems and for free," said Patrick Münch, co-founder and chief security officer at Mondoo.
The service also features leaderboards highlighting popular and high-risk skills. Mondoo has raised $32.5 million in funding from investors like HV Capital GmbH and Atomico.