NVIDIA / SkillSpector

2026-03-21 · Source: Github Trending: All languages · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Intermediate, long

Summary

NVIDIA's SkillSpector is an open-source security scanner designed to detect vulnerabilities, malicious patterns, and security risks in AI agent skills before installation. This tool addresses a critical need, as research indicates 26.1% of skills contain vulnerabilities and 5.2% exhibit likely malicious intent. SkillSpector supports multi-format input, including Git repositories and zip files, and identifies 64 vulnerability patterns across 16 categories such as prompt injection, data exfiltration, and supply chain issues. It employs a two-stage analysis pipeline: an initial fast static analysis, followed by an optional LLM semantic evaluation that improves precision to approximately 87%. The scanner also performs live vulnerability lookups via OSV.dev for real-time CVE data, offers various output formats like JSON and SARIF, and provides a 0-100 risk score with severity labels and recommendations.

Key takeaway

For AI Security Engineers evaluating third-party AI agent skills, you should integrate SkillSpector into your pre-deployment vetting process. This tool provides a robust, two-stage analysis to identify 64 vulnerability patterns, including prompt injection and data exfiltration, before installation. Leveraging its risk scoring and SARIF output, you can make informed "DO NOT INSTALL" decisions, significantly reducing your attack surface and protecting your AI systems from malicious or flawed agent capabilities.

Key insights

AI agent skills pose significant security risks, necessitating pre-installation vulnerability scanning.

Principles

• Implicit trust in AI agent skills leads to vulnerabilities.
• Two-stage analysis (static + semantic) enhances detection.
• Live CVE lookups are crucial for supply chain security.

Method

SkillSpector uses a two-stage pipeline: fast static analysis (regex, AST, OSV.dev) for high recall, then optional LLM semantic evaluation to filter false positives and improve precision.

In practice

• Scan Git repos or local directories for skill vulnerabilities.
• Integrate SARIF reports into CI/CD pipelines.
• Configure LLM providers like OpenAI or Anthropic for semantic analysis.

Topics

• AI Agent Security
• Vulnerability Scanning
• LLM Security
• Static Analysis
• Supply Chain Attacks
• SARIF Reports

Code references

• NVIDIA/SkillSpector
• NVIDIA/skillspector
• user/my-skill
• NVIDIA/skillspector

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Engineer, MLOps Engineer

Related on AIssential

• The sorry state of skill distribution — Public skill scanners are largely ineffective against malicious agent skills due to structural vulnerabilities and static analysis limitations.
• ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree — AI agent skill security requires layered governance due to significant scanner disagreement across attack surfaces.
• I Read Cursor's Security Agent Prompts, So You Don't Have To — Simple LLM prompts, when supported by robust orchestration, can effectively automate security reviews at scale.
• FORGE: Multi-Agent Graduated Exploitation and Detection Engineering — FORGE unifies vulnerability exploitation, prioritization, and detection engineering via graduated depth and multi-agent automation.
• [D] We found 18K+ exposed OpenClaw instances and ~15% of community skills contain malicious instructionsc — Autonomous agent frameworks like OpenClaw present novel and severe security risks, particularly from unreviewed community skills.
• openai / skills — Agent Skills standardize AI agent capabilities for repeatable task execution across various applications.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Github Trending: All languages.