SkillSpector

AI Security · Free · Open Source · Cybersecurity, Software, Technology, Developer tools

Open-source security scanner for agent skills that detects vulnerabilities, malicious patterns, and risky behaviors before installation.

🛡️ AgentReady threat assessment

MAESTRO 7-layer threat model + OWASP AIVSS risk score for SkillSpector, derived from its capabilities.

AIVSS 6.9 · Medium

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.

Overview

SkillSpector is an open-source NVIDIA project for scanning AI agent skills before they are installed or used. It is designed for skills used by tools such as Claude Code, Codex CLI, Gemini CLI, and similar agent environments where skills may execute with implicit trust. The scanner supports Git repositories, URLs, zip files, directories, and single files. According to the official repository, it checks 68 vulnerability patterns across 17 categories, including prompt injection, data exfiltration, privilege escalation, supply chain risks, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent behavior, anti-refusal behavior, trigger abuse, dangerous code analysis, taint tracking, YARA signatures, MCP least privilege, and MCP tool poisoning. SkillSpector uses a two-stage approach with fast static analysis and optional LLM-based semantic evaluation, and it can query OSV.dev for live vulnerability data. It is useful for developers and security teams that need to vet third-party or internal agent skills before adoption.

Key features

Use cases