Mondoo Launches Free AI Skills Risk Scanner to Secure Agentic Supply Chains

New updates have been reported about Mondoo.

Mondoo has introduced Mondoo AI Skills Check, a free, agent-agnostic scanner designed to identify security risks in third-party AI agent skills before they are installed into enterprise environments. The service targets a growing and largely unmonitored supply chain layer created as organizations embed external skills into tools such as Claude Code, Cursor, Windsurf, Anthropic SDK-based agents, and MCP servers, where compromised skills can gain access to credentials and sensitive systems.

AI Skills Check evaluates skills sourced from major registries including ClawHub and Skills.sh, as well as other package sources, and compares what a skill purports to do against its actual code behavior using deep static and behavioral analysis. It produces a scored assessment with severity-tagged findings mapped to MITRE ATLAS and aligned with the OWASP LLM Top 10, giving security and audit teams a standards-based view of AI supply chain risk they can use in regulatory, compliance, and board-level discussions.

The platform’s real-time leaderboards highlight both the most popular and the most risky skills, enabling organizations to quickly audit what employees are likely already using, regardless of which AI agent platform is deployed. By making this capability free and independent of any specific marketplace, Mondoo aims to establish a baseline of visibility for enterprises that are rapidly adopting agentic AI but lack tools to govern third-party skills at scale.

This launch extends Mondoo’s core Agentic Managed Vulnerability Service, which combines a proprietary AI-native platform with human security experts to prioritize vulnerabilities by business impact and exploitability across infrastructure from development through production. Mondoo reports that more than 300 customers, including large enterprises, have used its services to cut vulnerabilities by 60%, drive mean time to remediation below 16 days, and accelerate fixes up to tenfold versus manual efforts, strengthening the company’s position as organizations seek defensible AI and infrastructure security postures.

Chief Security Officer and Co-Founder Patrick Münch said the new tool is intended to close a critical visibility gap, allowing teams to understand real risks before skills can act on their systems. Strategically, Mondoo AI Skills Check broadens Mondoo’s funnel and data coverage in agentic environments, potentially increasing demand for its paid managed vulnerability offerings as enterprises move from basic AI skill inventory and assessment toward continuous remediation and outcome-based security programs.