What is SkillFortify?

SkillFortify is the first formal security scanner for AI agent skills and plugins. It uses mathematical proofs to verify that agent skills cannot exceed their declared capabilities, supporting 22 frameworks including MCP and LangChain.

How accurate is SkillFortify?

SkillFortify achieves a 96.95% F1 score with 100% precision and 0% false positive rate on its 540-skill benchmark (270 malicious, 270 benign).

Why was SkillFortify created?

After the ClawHavoc campaign planted 1,200+ malicious skills in OpenClaw's ClawHub marketplace and researchers catalogued 6,487 malicious agent tools that VirusTotal cannot detect, SkillFortify was built to provide mathematically grounded security guarantees.

How is SkillFortify different from other security scanners?

Unlike heuristic scanners where absence of findings does not mean absence of risk, SkillFortify provides formal verification with soundness guarantees backed by five peer-reviewed theorems.

How do I install SkillFortify?

Install with pip install skillfortify. It is free, open-source under MIT license, requires no cloud dependencies, API keys, or subscription. It can auto-discover and scan all AI tools on your system.

← Back to dashboard

clawsmith.com/signal/skillfortify-formal-verification-ai-agent-skills

📈 TrendsUnknownSecurityLive

SkillFortify: First Formal Security Scanner for AI Agent Skills — 22 Frameworks, 0% False Positives

Open-source tool that mathematically proves agent skills cannot exceed declared capabilities. Achieves 96.95% F1 score with 0% false positives on 540-skill benchmark. Backed by peer-reviewed research with five formal theorems.

Product Idea from this Signal

A security layer that vets ClawHub skills for malware and prompt injection before your agent installs them

79.8k ▲

ClawHub grew 380% to 13,729 skills in Q1 2026. Snyk found 36% contain prompt injection and 1,467 carry malicious payloads. The ClawHavoc campaign planted 1,184 weaponized skills in the marketplace. VirusTotal integration catches known malware but misses novel prompt injection, data exfiltration via tool outputs, and social engineering patterns unique to AI agent skills. This tool performs deep behavioral analysis of every skill before installation, catching threats that signature-based scanners miss.

SECURITYCLIDEVTOOLOPEN-SOURCE

CompetitiveView Opportunity →