
SkillSpector

SkillSpector AI Agent

Overview

Open-source security scanner for agent skills that detects vulnerabilities, malicious patterns, and risky behaviors before installation.

SkillSpector is an open-source NVIDIA project for scanning AI agent skills before they are installed or used. It is designed for skills used by tools such as Claude Code, Codex CLI, Gemini CLI, and similar agent environments where skills may execute with implicit trust. The scanner supports Git repositories, URLs, zip files, directories, and single files. According to the official repository, it checks 68 vulnerability patterns across 17 categories, including prompt injection, data exfiltration, privilege escalation, supply chain risks, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent behavior, anti-refusal behavior, trigger abuse, dangerous code analysis, taint tracking, YARA signatures, MCP least privilege, and MCP tool poisoning. SkillSpector uses a two-stage approach with fast static analysis and optional LLM-based semantic evaluation, and it can query OSV.dev for live vulnerability data. It is useful for developers and security teams that need to vet third-party or internal agent skills before adoption.

Autonomy level

15%

Reasoning: SkillSpector is a security scanner for AI agent skills that performs static analysis and rule-based checks on skill code, dependencies, and configuration artifacts to detect vulnerabilities, malicious patterns, and other security risks before installation. It operates as a command-line and pipeline-integrated tool that must be explicitly invoked on...


Some of the use cases of SkillSpector:

  • Scanning agent skills before installation
  • Detecting prompt injection and data exfiltration risks
  • Reviewing third-party skill repositories for malicious patterns
  • Checking agent skills for supply chain and privilege escalation issues
  • Adding security review to agent development workflows
  • Evaluating MCP-related least privilege and tool poisoning risks


Popularity level: 54%
