The gist

SkillSpector is an open-source security scanner from NVIDIA designed for AI agent skills. It addresses the problem of implicitly trusted agent add-ons, which research shows often contain vulnerabilities or malicious intent. The tool helps developers and security teams determine if a skill is safe to install by scanning it for a wide range of security risks, from prompt injection to supply chain vulnerabilities, before it is integrated into a system.

What it does

Scans AI agent skills from Git repos, local directories, zip files, or single files.
Detects 64 vulnerability patterns across 16 categories including prompt injection, data exfiltration, and privilege escalation.
Performs a two-stage analysis using fast static analysis and optional LLM-based semantic evaluation.
Queries the OSV.dev database in real-time to check for known CVEs in dependencies.
Assigns a 0-100 risk score with clear recommendations like 'SAFE' or 'DO NOT INSTALL'.
Generates security reports in multiple formats, including terminal, JSON, Markdown, and SARIF.

How it works

SkillSpector is a command-line tool that a user points at a skill's source code (e.g., a Git URL or local directory). It runs a two-stage pipeline: a fast static analysis using regex and Abstract Syntax Tree (AST) parsing, followed by an optional, more precise semantic analysis via an LLM API like OpenAI or Anthropic. It outputs a detailed security report with a numerical risk score. The tool is open-source and free to use.

Best for

Developers and security teams integrating third-party AI agent skills who need to perform a security audit before installation.

Watch out for

The scanner's effectiveness may be reduced for non-English content and it cannot analyze text within images or encrypted code. Dependency vulnerability checks are limited to a small fallback list when operating offline.