SkillSpector  by NVIDIA

Summary

SkillSpector is an open-source security scanner designed to detect vulnerabilities, malicious patterns, and security risks within AI agent skills before they are installed. It addresses the critical need for vetting AI agent components, which often execute with implicit trust. The tool benefits developers and users by providing a clear assessment of skill safety, mitigating risks such as prompt injection, data exfiltration, and supply chain attacks.

How It Works

SkillSpector employs a two-stage analysis pipeline. The first stage involves fast static analysis, utilizing regex-based pattern matching across 11 analyzers, Abstract Syntax Tree (AST) behavioral analysis for dangerous calls, and live vulnerability lookups via OSV.dev for CVE data. This stage offers high recall. The second, optional stage leverages LLM semantic analysis to evaluate context and intent, filter false positives, provide human-readable explanations, and significantly improve precision. This hybrid approach aims for comprehensive and accurate security assessments.

Quick Start & Requirements

• Installation: Clone the repository, create and activate a Python virtual environment (using uv or venv), and then run make install for production or make install-dev for development dependencies.
• Basic Usage: Scan local directories (skillspector scan ./my-skill/), single files (skillspector scan ./SKILL.md), Git repositories (skillspector scan https://github.com/user/my-skill), or zip files (skillspector scan ./my-skill.zip).
• Prerequisites: Python 3.x, a virtual environment. Optional LLM analysis requires configuring an OpenAI-compatible endpoint (e.g., OpenAI, Anthropic, NVIDIA Build, Ollama) with appropriate API keys/environment variables. Network access to api.osv.dev is needed for live CVE data, with an offline fallback available.
• Links: GitHub Repository

Highlighted Details

• Detects 64 distinct vulnerability patterns across 16 categories, including prompt injection, data exfiltration, supply chain attacks, dangerous code execution (AST), and taint tracking.
• Supports multi-format input (Git, URL, zip, directory, file) and multiple output formats (Terminal, JSON, Markdown, SARIF) for flexible reporting.
• Integrates live vulnerability lookups against the OSV.dev database for up-to-date CVE information, with automatic offline fallback.
• Provides a risk scoring system (0-100) with severity levels (LOW, MEDIUM, HIGH, CRITICAL) and clear installation recommendations.

Maintenance & Community

The project is maintained by NVIDIA. Contributions are welcomed via pull requests, and support is primarily handled through GitHub Issues. Specific community channels like Discord or Slack are not mentioned.

Licensing & Compatibility

SkillSpector is released under the Apache License 2.0. This license is permissive and generally compatible with commercial use and linking within closed-source projects.

Limitations & Caveats

The scanner cannot analyze non-English content, text embedded within images, or encrypted/binary code. It performs static analysis only and does not execute code. Offline vulnerability lookups (SC4) are limited to a small static fallback list without network access to OSV.dev.