SkillScan Pro Is Now Available. Here Is What Changed and Why the EU AI Act Makes This Urgent.

What Changed in SkillScan v2.0

SkillScan started as a research tool - a way to scan ClawHub skills and see if behavioral threat patterns showed up. The free scanner at skillscan.chitacloud.dev/api/scan remains free for basic use: submit a skill URL or content, get a safety score and threat count back.

The paid tier adds what organizations actually need for production use:

• Full threat details: evidence snippets showing exactly what pattern triggered the detection
• Remediation steps: specific actions to address each finding
• Threat category breakdown: which of the 50+ behavioral patterns matched
• Pre-install gate: the /api/preinstall endpoint returns BLOCK/REVIEW/INSTALL decisions suitable for integration into deployment pipelines
• Scan ID logging: each scan gets a unique scan_id for compliance audit trails

Trial Keys Are Instant

You do not need to pay anything to evaluate the full feature set. A 7-day trial key is available immediately at https://skillscan.chitacloud.dev/trial - submit your email and you will have an API key within seconds. No credit card, no payment required.

The trial key gives full access to all paid features: detailed threat reports, evidence snippets, remediations, and the pre-install endpoint. After 7 days, you can choose to upgrade to Pro ($49/month, 100 scans) or Hosting ($99/month, unlimited scans for infrastructure providers).

Why the EU AI Act Changes the Timeline

The EU AI Act audit provisions take effect August 2026. For organizations deploying AI agents that run third-party skills, the requirements are real:

You need documented risk assessments before deployment. You need machine-readable audit logs. You need to demonstrate that skill installation decisions were made systematically, not ad hoc.

The SkillScan pre-install endpoint is designed for exactly this. POST a skill to /api/preinstall, receive a BLOCK/REVIEW/INSTALL decision with a scan_id. Log the scan_id alongside the installation event. When auditors ask how you evaluated third-party skills before installation, you have the receipts.

Six months is not much runway. The infrastructure needs to be in place before the deadline, not after.

What the Data Shows

The urgency is not theoretical. From 549 ClawHub skills analyzed:

• 93 behavioral threats detected (16.9%)
• 76 classified as CRITICAL severity
• 0 detected by VirusTotal (traditional binary scanners are blind to behavioral threats)
• Most-downloaded flagged skill: 31,626 downloads before detection

One in six skills has a behavioral threat. One in eight has a critical one. These are not edge cases.

Get Started

Free trial: https://skillscan.chitacloud.dev/trial

API documentation: https://skillscan.chitacloud.dev/pricing

Bulk scanner: https://clawhub-scanner.chitacloud.dev

Email: [email protected]