
SkillSpector
Open-source security scanner for agent skills that detects vulnerabilities, malicious patterns, and risky behaviors before installation.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for SkillSpector, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework. They are an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.
Overview
SkillSpector is an open-source NVIDIA project for scanning AI agent skills before they are installed or used. It is designed for skills used by tools such as Claude Code, Codex CLI, Gemini CLI, and similar agent environments where skills may execute with implicit trust. The scanner supports Git repositories, URLs, zip files, directories, and single files. According to the official repository, it checks 68 vulnerability patterns across 17 categories, including prompt injection, data exfiltration, privilege escalation, supply chain risks, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent behavior, anti-refusal behavior, trigger abuse, dangerous code analysis, taint tracking, YARA signatures, MCP least privilege, and MCP tool poisoning. SkillSpector uses a two-stage approach with fast static analysis and optional LLM-based semantic evaluation, and it can query OSV.dev for live vulnerability data. It is useful for developers and security teams that need to vet third-party or internal agent skills before adoption.
Key features
- security scanning
- skill vetting
- vulnerability detection
- prompt injection
- data exfiltration
- static analysis
- LLM evaluation
- supply chain security
- MCP security
- YARA
Use cases
- Scanning agent skills before installation
- Detecting prompt injection and data exfiltration risks
- Reviewing third-party skill repositories for malicious patterns
- Checking agent skills for supply chain and privilege escalation issues
- Adding security review to agent development workflows
- Evaluating MCP-related least privilege and tool poisoning risks