NVIDIA — SkillSpector Open-Source Scanner for AI Agent Skills
AI relevance: Research shows 26.1% of agent skills contain vulnerabilities and 5.2% show likely malicious intent — SkillSpector is a dedicated open-source scanner that inspects skills used by Claude Code, Codex CLI, Gemini CLI and similar frameworks before installation.
- 64 vulnerability patterns across 16 categories. Coverage includes prompt injection, data exfiltration, privilege escalation, supply chain risk, excessive agency, system prompt leakage, memory poisoning, tool misuse, rogue agent, trigger abuse, AST-based dangerous code detection, taint tracking, YARA signatures, MCP least-privilege checks, and MCP tool poisoning.
- Two-stage analysis pipeline. Fast static analysis runs first; optional LLM semantic evaluation adds context-aware detection. The scanner supports OpenAI, Anthropic, NVIDIA's build.nvidia.com, and local OpenAI-compatible endpoints (Ollama, vLLM, llama.cpp).
- Live vulnerability lookups. SkillSpector queries OSV.dev for real-time CVE data with automatic offline fallback, connecting skill code to known vulnerability databases.
- Multiple input formats. Scans Git repos, URLs, zip files, directories, or single
SKILL.mdfiles. Output supports terminal, JSON, Markdown, and SARIF formats for CI/CD integration. - Risk scoring. Returns a 0–100 score with severity labels and actionable recommendations, making it practical for automated gating in agent deployment pipelines.
Why it matters
Agent skills run with implicit trust in frameworks like Claude Code, Codex CLI, and Gemini CLI — they're essentially plugins with filesystem and tool access. The 26.1% vulnerability rate and 5.2% malicious intent rate (per the project's own research) show that manual review does not scale. SkillSpector provides a programmatic gate between "found a cool skill on the internet" and "installed it with agent-level permissions."
What to do
- Integrate SkillSpector scans into agent skill installation workflows — scan before install, not after compromise.
- Use the SARIF output format to pipe results into existing CI/CD security dashboards and IDE tooling.
- Combine with runtime governance tools (Cisco DefenseClaw, Microsoft Agent Governance Toolkit) for layered defense — static scan before install, runtime policy enforcement during execution.
- Configure the LLM semantic analysis stage for higher-confidence detection on skills that pass static analysis but still warrant deeper review.