Gen and Vercel to Verify Safety of AI Skills
What happened
Gen and Vercel have partnered to bring independent safety verification to the AI skills ecosystem. Gen's Agent Trust Hub will provide risk verification for skills.sh, a registry for AI skills. The initiative aims to protect developers and users from unsafe AI capabilities as agents become more autonomous.
Why it matters
- Gen's Agent Trust Hub, which powers the verification, was launched on February 4, 2026, and provides free tools including an AI Skills Scanner and a vetted marketplace for agent skills.
- The risk analysis is conducted by Gen Threat Labs, which found that nearly 15% of AI skills it previously analyzed contained malicious instructions and over 18,000 instances of the agent framework OpenClaw were exposed online.
- The verification process classifies each skill on Vercel's skills.sh registry into one of four distinct risk categories: Safe, Low Risk, High Risk, or Critical Risk.
- This initiative addresses emerging security threats unique to autonomous agents, such as excessive permissions, identity spoofing, and the potential for compromised skills to act as persistent insider threats.
- Vercel's skills.sh is an open-source registry for AI agent capabilities, described as "npm for your AI coding assistant," which serves a platform of over 6 million developers.
- The partnership embeds security directly into the developer workflow, allowing them to assess a skill's safety posture before installation and execution, a critical step as agents increasingly connect to APIs and access sensitive data.
- This move toward a standardized verification framework mirrors efforts by organizations like OWASP, which is developing an AI Security Verification Standard (AISVS) to create structured security checklists for AI applications.
- Gen is the parent company for consumer cybersecurity brands like Norton, Avast, and LifeLock, serving nearly 500 million users, and is positioning its Agent Trust Hub as a trust layer for the autonomous AI era.
Key numbers
- Gen's Agent Trust Hub, which powers the verification, was launched on February 4, 2026, and provides free tools including an AI Skills Scanner and a vetted marketplace for agent skills.
- The risk analysis is conducted by Gen Threat Labs, which found that nearly 15% of AI skills it previously analyzed contained malicious instructions and over 18,000 instances of the agent framework OpenClaw were exposed online.
- Vercel's skills.sh is an open-source registry for AI agent capabilities, described as "npm for your AI coding assistant," which serves a platform of over 6 million developers.
- Gen is the parent company for consumer cybersecurity brands like Norton, Avast, and LifeLock, serving nearly 500 million users, and is positioning its Agent Trust Hub as a trust layer for the autonomous AI era.
What happens next
- Gen's Agent Trust Hub will provide risk verification for skills.sh, a registry for AI skills.
- The initiative aims to protect developers and users from unsafe AI capabilities as agents become more autonomous.