Skills
STSS: Open-Source Agent Skill Scanner with SHA-256 Merkle Tree Attestations for Capability Verification
STSS is a new open-source defense layer that scans AI agent skills via static analysis and behavioral auditing, then issues cryptographic attestations using SHA-256 Merkle trees to verify agent capabilities haven't been tampered with. This addresses the growing OpenClaw-style supply chain risk where malicious skills masquerade as legitimate. Developers can verify skill integrity before installation and detect post-install modifications. First tool to bring software supply chain attestation patterns (like SLSA/Sigstore) to the AI agent ecosystem.
Source
↳ Follow the thread