Source: raw/x-bookmark-2060610895458553977.md (X bookmark — @Dinosn / Nicolas Krassas, linking github.com/NVIDIA/SkillSpector; repo metadata verified via GitHub API 2026-05-31)
SkillSpector is an open-source security scanner for AI agent skills, published by NVIDIA. It statically inspects skill bundles for vulnerabilities, malicious patterns, and security risks before you install or run them — the skill-supply-chain analog of a dependency scanner. It addresses a real gap as the skills ecosystem grows: skills are executable instructions plus bundled files, and an untrusted skill can carry prompt-injection payloads, credential-exfiltration steps, or dangerous shell commands.
Key Takeaways
- What it does: scans AI agent skills for vulnerabilities, malicious patterns, and security risks (static analysis of skill bundles). ^[inferred — exact rule set / CLI flags not yet read from the README]
- Who ships it: NVIDIA (repo
NVIDIA/SkillSpector), Apache-2.0, Python. 483 stars, last pushed 2026-05-18 (at time of capture). - Why it matters: skills are run with the agent’s privileges. Vetting a third-party skill before enabling it is the skills-era equivalent of auditing an npm package — and the wiki’s skill-marketplace coverage (skills hubs, one-click installs) makes a vetting tool load-bearing.
- Fits the defense-in-depth theme already covered for Hermes (hermes-security-model) and the OSS-tool-gap-fillers for Claude Code (five-oss-tools-claude-code-blind-spots, which covers DeepSec) — SkillSpector targets the skill artifact specifically.
Try It
- Repo:
github.com/NVIDIA/SkillSpector(Apache-2.0, Python). - Run it against a skill you’re about to install from a public hub before enabling it — treat an unvetted skill like unvetted code.
- Pair with least-privilege install discipline (per-tool whitelisting, scoped credentials) as in hermes-mcp-catalog and hermes-security-model.
Related
- agent-skills-overview
- anthropic-skills-repo
- five-oss-tools-claude-code-blind-spots
- skills-ecosystem
- hermes-security-model
- Security-Guidance Plugin (Anthropic Official) — Anthropic’s first-party in-session scanner; SkillSpector vets skills you install, the security-guidance plugin vets code Claude writes.
Open Questions
- Exact scan coverage (which vulnerability classes / injection patterns), CLI usage, and CI integration — needs a README + source pull (not yet deep-read; this article is from verified repo metadata + the source post).
- Does it understand the Anthropic skill format specifically, or generic “agent skill” bundles? Verify before citing as Claude-skill-specific.