
SkillSpector — agentic threat model

AIVSS 6.9 · Medium

SkillSpector is a security-focused scanning tool with low inherent agentic autonomy, but its role in vetting untrusted agent skills makes it a critical target for bypasses, parser exploits, and prompt injection during its LLM-based semantic evaluation phase.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.4
AARS uplift: 0.26
Factor sum: 1.6/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Uses an optional LLM-based semantic evaluation stage. Threats include prompt injection embedded within scanned skills designed to manipulate the evaluation output, or adversarial inputs causing the LLM to misclassify malicious skills as safe.

L2 · Data Operations · ✓ mapped

Ingests external data from Git repositories, URLs, zip files, and queries OSV.dev. Threats include data poisoning of the OSV.dev feed, zip bombs, or path traversal vulnerabilities when extracting and parsing untrusted skill packages.

L3 · Agent Frameworks · ✓ mapped

Orchestrates static analysis and LLM evaluation. Threats include insecure integration of parsing tools or YARA engines, and vulnerabilities within the orchestration framework that could be exploited by malformed skill configurations.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — the deployment environment is not specified, but as an open-source CLI/scanner tool, running it unsandboxed in developer environments or CI/CD pipelines poses risks of host compromise if a scanned skill triggers code execution during analysis.

L5 · Evaluation & Observability · ✓ mapped

Acts as an evaluation and observability tool itself, checking 68 vulnerability patterns. Threats include evaluation gaming where malicious skills are obfuscated to bypass the static and semantic rules, and blind spots in the signature database.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — no explicit authentication, authorization, or compliance certifications are mentioned for the tool itself, though it helps users enforce security policies like MCP least privilege.

L7 · Agent Ecosystem · ✓ mapped

Designed to vet skills for agent environments like Claude Code and Gemini CLI. A failure or false negative in SkillSpector directly leads to the introduction of compromised or rogue skills into the broader agent ecosystem, causing cascading trust failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.