Vercel's Skills API Turns Agent Skills Into Infrastructure
Vercel opened the skills.sh API for programmatic access to 600,000+ agent skills. That is useful, but it makes skill verification a platform concern.
#scanning
4 articles with this tag.
VIPER-MCP Shows Agent Tools Need Taint Scanning
VIPER-MCP found 106 confirmed zero-days across nearly 40,000 MCP server repos. Agent tool security now needs code-level taint analysis, not just trust prompts.
Why Scanning Architecture Matters: Comparing Skill Registry Security
Comparing install-time scanning, reactive moderation, and dual-side verification — and the supply chain attack vectors each security model misses.
How Dual-Side Verification Protects Against Supply Chain Attacks
How SkillSafe dual-side verification works: publisher scans, consumer re-scans, and cryptographic tree hashes that detect tampering before install.