# NVIDIA SkillSpector SkillSpector is NVIDIA's open-source **security scanner for [[AI Agent Skills]]** — the executable skill components used by [[Claude Code Skills|Claude Code]], [[Codex CLI]], and [[Gemini CLI]]. It vets a skill *before* you install it, detecting vulnerabilities and malicious patterns. ## Key points - **Why it exists** — NVIDIA's research found 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent; executable scripts are ~2.12x more likely to be vulnerable. SkillSpector is the pre-install gate for that risk. - **Detection** — 64 rules across 16 categories: [[Prompt injection]], data exfiltration, privilege escalation, supply-chain risk, dangerous code execution, etc. - **Two-stage analysis** — fast static pattern matching, then optional LLM-powered semantic evaluation for intent. - **Inputs** — git repos, URLs, zip files, directories, single files. - **Output** — terminal, JSON, Markdown, SARIF; risk score 0–100 with severity labels. - **Under the hood** — Python 3.12+, LangGraph architecture; AST behavioral analysis, YARA signatures, taint tracking; live CVE lookups via OSV.dev (offline fallback); LLM providers OpenAI / Anthropic / NVIDIA. - **License** — Apache 2.0. ## Why it matters As skills become the portable unit of agent capability (see [[Google AI Skills]], [[AI Skill Distribution]]), the attack surface moves to the skill supply chain. SkillSpector is exactly the vetting layer the [[AI Skill Supply Chain Security]] thesis calls for, and a practical complement to the [[AI Skill Portability Checklist]] — portability and safety are two halves of trustworthy skill distribution. ## References - Repository: https://github.com/NVIDIA/SkillSpector ## Related - [[AI Agent Skills]] - [[AI Skill Supply Chain Security]] - [[AI Skill Portability Checklist]] - [[Prompt injection]] - [[Google AI Skills]] - [[Claude Code Skills]]