NVIDIA/SkillSpector is an open-source security scanner that analyzes AI agent skills for vulnerabilities, malicious patterns, and security risks before installation. It covers 64 vulnerability patterns across 16 categories including prompt injection, data exfiltration, privilege escalation, supply chain attacks, excessive agency, memory poisoning, tool misuse, rogue agent behavior, trigger abuse, dangerous code (AST analysis), taint tracking, YARA signatures, and MCP-specific risks (least privilege and tool poisoning). SkillSpector accepts Git repositories, URLs, zip files, directories, and single files, running fast static checks by default with optional LLM semantic analysis for issues requiring intent comparison. It provides a 0-100 risk score with severity labels and clear recommendations. Part of NVIDIA's Verified Agent Skills ecosystem, which includes a public catalog of 162 signed skills spanning 16 product families — each undergoing automated and human review, risk scanning with SkillSpector, signing, and documentation via machine-readable skill cards.
NVIDIA/SkillSpector is an open-source security scanner that answers the question “Is this skill safe to install?” before you run third-party agent skills. It detects 64 vulnerability patterns across 16 categories — covering both conventional software risks (vulnerable dependencies, dangerous code patterns, credential access) and agent-specific risks (hidden instructions, prompt injection, trigger abuse, excessive agency, tool poisoning).
SkillSpector accepts Git repositories, URLs, zip files, directories, and single files. By default it runs fast static checks; an optional LLM semantic analysis mode catches issues that require comparing a skill’s declared purpose against its actual behavior. Output is a 0-100 risk score with severity labels (Critical, High, Medium, Low, Info) and actionable recommendations. Live vulnerability lookup through OSV.dev catches known vulnerable dependencies, with an offline fallback.
The agent skills ecosystem is shipping faster than its trust model. GitHub Trending is now a skills monoculture — addyosmani/agent-skills hit #1 with +3,275 stars/day — but there is no package-manager-level vetting for SKILL.md files. SkillSpector is the first scanner purpose-built for this gap: it understands agent-specific attack surfaces (prompt injection via skill instructions, MCP tool poisoning, excessive agency grants) that conventional SAST tools miss entirely. Part of NVIDIA’s broader Verified Agent Skills program, which signs and catalogs 162 skills across 16 product families.
Run SkillSpector before installing any third-party skill from GitHub Trending, a skills directory, or a colleague’s repo. Integrate into CI/CD pipelines for teams publishing skills. Use the risk score to gate skill installation in production agent deployments. Pairs with runtime firewalls like Claw Patrol — SkillSpector catches risks at install time, Claw Patrol enforces rules at execution time.
SkillSpector is a static analysis tool — it catches patterns and known vulnerabilities but cannot detect all runtime exploitation vectors. The optional LLM analysis mode requires API access and adds latency. For runtime protection, pair with a firewall like denoland/clawpatrol. The 64-pattern coverage is comprehensive for current agent skill formats but will need updates as the skills ecosystem evolves.
Security-conscious engineering teams adopting agent skills who want to vet third-party SKILL.md files before installation. DevSecOps teams building agent skill supply chain policies. Enterprise teams using NVIDIA’s Verified Agent Skills catalog who want the same scanning tool NVIDIA uses internally.