Web3 security ratings and continuous monitoring platform covering 17,000+ projects. Skynet Score aggregates code security, fundamental health, operational resilience, governance, market stability, and community trust into a single 0–100 rating; the Partner API exposes per-project security scores, audit metadata, KYC/KYB status, and incident history for use in listing flows, due diligence, and risk dashboards.
- 01 project due diligence
- 02 exchange/wallet listing risk gates
- 03 audit + KYC metadata lookups
- 04 incident + alert feeds
- 05 ratings widgets in user-facing UIs

| Variable | Scope | Description |
|---|---|---|
| CERTIK_PARTNER_API_KEY | Server | CertiK Partner API key from the Skynet partner portal, sent in the `Authorization: Bearer` header. |

Use CertiK Skynet to surface project security ratings and audit metadata.

Project lookup: `GET https://api.certik-skynet.com/api/v1/projects/{slug}` with `Authorization: Bearer ${CERTIK_PARTNER_API_KEY}` returns `{ skynetScore: 0–100, breakdown: { codeSecurity, fundamentalHealth, operationalResilience, governanceStrength, marketStability, communityTrust }, audits: [{ name, date, reportUrl }], kycStatus, incidentCount }`.

Token resolution: `GET /api/v1/tokens?contract={address}&chain={chain}` returns the linked project (use this in a listing pipeline before exposing a new token).

Subscribe to Skynet Alerts (governance proposals, exploit incidents, KYC changes) via the dashboard — webhook deliveries are signed and route by `eventType` + `severity`.

For UI: render the Skynet Score as a badge, link `reportUrl` to the audit PDF, and gate listing on `skynetScore >= 70 && kycStatus === 'verified'` (tune thresholds per your risk policy).

- ⚑ Skynet Score is a heuristic composite — a high score means 'broad security signals look healthy' not 'audited safe to use'. Always link to the underlying audit reports and let users judge severity themselves.
- ⚑ Project coverage is 17,000+ but heavily skewed to mid/large caps and listed tokens; long-tail and brand-new projects often return `null` or `'unrated'` — treat unrated as 'unknown' rather than 'risky' or 'safe', and require manual review.
- ⚑ Audit metadata reflects audit firms' published reports, not real-time code drift — a project audited 18 months ago may have shipped breaking upgrades since. Cross-reference `audits[].date` with the contract's last-deployed block.
- ⚑ Partner API access is gated and requires a CertiK partnership agreement; the public Skynet UI is browsable but the API is not free-tier — design for cached + low-rate-of-change usage (refresh per project once per 6–24h).
- ⚑ KYC/KYB status maps to CertiK's verification process — it is NOT equivalent to a regulator-issued license, and jurisdictional acceptance varies. Do NOT use Skynet KYC alone to satisfy MiCA/BSA compliance.
- ⚑ Wallet UX integration is widget/badge style — there is no pre-signature scanning; pair with Blockaid/Blowfish/Harpie for transaction-level protection if your product touches signing flows.
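
The listing gate above, combined with the caveats on unrated projects and stale audits, written out as an added example (not CertiK's code and not part of the original page). It assumes `audits[].date` is an ISO-8601 string and that `lastDeployedAt` comes from your own chain indexer; `listingDecision`, `newestAuditMs` and the reason codes are hypothetical names.

```javascript
// Added example: listing gate over the project response shape described above.
// Assumptions (not from CertiK documentation): audits[].date is an ISO-8601
// string, and lastDeployedAt is supplied by your own chain indexer.
const DEFAULT_POLICY = { minScore: 70, requiredKyc: 'verified' };

function newestAuditMs(audits) {
  const times = (Array.isArray(audits) ? audits : [])
    .map((a) => Date.parse(a && a.date))
    .filter(Number.isFinite);
  return times.length ? Math.max(...times) : null;
}

function listingDecision(project, lastDeployedAt, policy = DEFAULT_POLICY) {
  const reasons = [];
  const score = project ? project.skynetScore : null;
  // null / 'unrated' / out-of-range means unknown: no auto-list, no auto-block.
  if (typeof score !== 'number' || !Number.isFinite(score) || score < 0 || score > 100) {
    return { decision: 'manual_review', reasons: ['unrated_or_malformed_score'] };
  }
  if (score < policy.minScore) reasons.push('score_below_threshold');
  if (project.kycStatus !== policy.requiredKyc) reasons.push('kyc_not_verified');
  if (reasons.length) return { decision: 'block', reasons };

  // Score and KYC pass; check that the newest audit postdates the last deployment.
  const auditMs = newestAuditMs(project.audits);
  const deployedMs = Date.parse(lastDeployedAt);
  if (auditMs === null) return { decision: 'manual_review', reasons: ['no_dated_audit'] };
  if (!Number.isFinite(deployedMs)) return { decision: 'manual_review', reasons: ['deploy_time_unknown'] };
  if (deployedMs > auditMs) return { decision: 'manual_review', reasons: ['code_deployed_after_last_audit'] };
  return { decision: 'list', reasons: [] };
}

// Constructed sample responses (not real project data).
const samples = {
  healthy: { skynetScore: 84, kycStatus: 'verified',
    audits: [{ name: 'Sample audit', date: '2024-03-01', reportUrl: 'https://example.invalid/report.pdf' }] },
  unrated: { skynetScore: 'unrated', kycStatus: null, audits: [] },
  lowScore: { skynetScore: 55, kycStatus: 'verified', audits: [] },
};

console.log(listingDecision(samples.healthy, '2024-06-01'));
```

Cache the API response per project and re-run the decision when either the cached record or the indexer's deployment time changes.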