Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ ZENODOarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Preprint . 2026
License: http://opensource.org/licenses/MIT
Data sources: ZENODO
ZENODO
Preprint . 2026
License: https://opensource.org/licenses/MIT
Data sources: Datacite
ZENODO
Preprint . 2026
License: https://opensource.org/licenses/MIT
Data sources: Datacite
 View all 2 versions
Claim

SkillFortify: Formal Analysis and Supply Chain Security for Agentic AI Skills

descriptionPublicationkeyboard_double_arrow_right Preprint 26 Feb 2026 English Publisher:Zenodo
Authors: Bhardwaj, Varun Pratap;

doi: 10.5281/zenodo.18787662 , 10.5281/zenodo.18787663

SkillFortify: Formal Analysis and Supply Chain Security for Agentic AI Skills

Abstract

SkillFortify is the first formal analysis framework for agent skill supply chain security. The ClawHavoc campaign (1,200+ malicious skills), CVE-2026-25253, and 6,487 malicious tools catalogued by MalTool demonstrate that the current "install and trust" paradigm for AI agent skills is untenable. While 12+ reactive scanning tools emerged in February 2026, all rely on heuristic methods with no formal guarantees. SkillFortify provides five formal contributions: (1) the DY-Skill attacker model adapting Dolev-Yao to agent supply chains, (2) sound static analysis via abstract interpretation over a capability lattice, (3) capability confinement with formal proof, (4) SAT-based dependency resolution with lockfile semantics, and (5) trust score algebra with formal monotonicity. Evaluated on SkillFortifyBench (540 skills), the framework achieves F1=96.95% with 100% precision and 0% false positive rate. Tool: pip install skillfortify | Code: https://github.com/varun369/skillfortify

Keywords

formal analysis, trust algebra, supply chain security, capability-based security, AI safety, abstract interpretation, Agent supply chain security, CycloneDX, ASBOM, agent skills

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
0
Average
Average
Average