SAN FRANCISCO, April 21, 2026 (Globe Newswire) — Mondoo, the pioneer in agent-based vulnerability management services, today announced that Mondoo AI skill check, A free, agent-agnostic security checker designed to address the growing supply chain risks posed by AI agent skills. This free service, available without a subscription, allows users to search for AI agent skills by name, registry, or package URL (PURL) to gain a clear understanding of what an AI agent does, how it works, and the security risks it poses before installation.
As organizations rapidly adopt agent AI, the use of third-party skills creates new and largely unmanaged security risks. Exactly this year, researchers identified There were 1,184 malicious skills on ClawHub, the largest public registry of AI agent skills, many of which were publicly available for download before detection. These skills are installed on agents and can perform actions on behalf of users and often have access to credentials and sensitive systems. This creates a new software supply chain layer that spans multiple agents and registries, but is largely invisible to existing security tools.
AI Skills Check is designed to be agent-agnostic and works across commonly used AI development environments, including Claude Code, Cursor, Windsurf, custom Anthropic SDK agents, and MCP servers. We also support major skills registries such as ClawHub and Skills.sh, with additional integrations in the works. Unlike registry-based scanning tools that operate within a single marketplace, AI Skills Check provides an independent layer of analysis across all skill sources. Use deep code and behavioral analysis to uncover hidden risks and perform side-by-side comparisons of what your skills claim to do versus what they actually do. Mondoo is making the AI Skills Check available for free, without a subscription, to help organizations establish a baseline level of visibility and security as agent AI adoption accelerates.
“Teams are installing AI agent skills, but with little visibility into how they actually work or what they have access to. These skills can act on your behalf, significantly increasing the risk,” said Patrick Munsch, chief security officer and co-founder of Mondoo. “We built AI Skills Check to fill that gap, giving organizations the ability to see the true risk of skills before they enter their systems, for free.”
Mondoo AI Skills Check scans your AI agents’ skills across four layers of security. Each layer is designed to detect different categories of risk.
- pattern match, Identify known malicious signatures and behaviors such as credential harvesting and data leakage.
- ML classifier, Use trained machine learning models to detect new threats that don’t match known patterns.
- Semantic analysis evaluate explanations and instructions to identify misleading claims and inconsistencies.
- thorough inspection, Examine permissions, external interactions, and actual behavior to determine if the skill is aligned with its stated purpose.
The result is a scored assessment with detailed findings, each tagged by severity and category. The findings are mapped as follows miter atlas and, OWASP LLM Top 10This provides security teams with a clear, industry-standard view of AI risk based on the frameworks already in use by auditors, regulators, and practitioners.
Additionally, Mondoo AI Skills Check’s real-time leaderboard ranks the most popular skills by star, and the Most Dangerous list details which widely used skills have the highest risk scores. This is a quick way to audit what your users may already be using, regardless of which AI agent they’re running.
This new service expands Mondoo’s ability to provide vulnerability management capabilities and services to organizations that want to confidently prioritize remediation, streamline compliance conversations, and demonstrate a rigorous and defensible security posture for their digital infrastructure from development to operations.
For more information, please visit: https://mondoo.com/ or find Mondoo on Google Cloud Next 2026booth 2411 in Las Vegas.
About Mondoux
Mondoo’s Agentic Manned Vulnerability Service combines local security experts with a proven AI-native platform to deliver the results security professionals need and help them move from endless cycles of scans and reports to actual remediation. Trusted by more than 300 customers worldwide, including Fortune 50 companies, Mondoo prioritizes risks based on business impact and exploitability, collects structured, context-aware data from across your IT infrastructure, and provides actionable remediation guidance, including automated code and ready-to-approve pull requests, that eliminates vulnerabilities rather than simply categorizing them.
Mondoo customers reduced vulnerabilities by 60%, achieved average remediation times of less than 16 days, and accelerated remediation 10x faster than manual approaches. With seamless ITSM integration, transparent security pipelines, and guaranteed results, Mondoo bridges the gap between security and engineering to solve what matters most to your business.
media contact
el maren
Mondoux market bridge
Mondoo@marketbridge.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/bb46f54f-5d91-4c91-90f8-07f091172632.
