Monitoring · Free · Open Source

NVIDIA SKILLSPECTOR

Security scanner for AI agent skills

Apache-2.0

ABOUT

AI agent skills execute with implicit trust and minimal vetting. Research shows that 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent, yet developers have no standardized way to audit agent skills before installing them from third-party sources. NVIDIA SkillSpector fills this gap with a purpose-built security scanner that detects prompt injection, data exfiltration, command injection, credential leaks, and other attack patterns across AI agent skill formats from all major coding assistants.

INSTALL
git clone https://github.com/NVIDIA/skillspector.git
cd skillspector && make install

INTEGRATION GUIDE

1. Scan AI agent skills for vulnerabilities before installing from third-party sources or marketplaces
2. Detect prompt injection, data exfiltration, and command injection patterns across 64 vulnerability signatures
3. Audit skill repositories and CI/CD pipelines with automated multi-format scanning (Git repos, URLs, directories)
4. Integrate security scanning into agent development workflows with LLM-powered analysis for false positive triage
5. Enforce security policies for enterprise agent deployments across Claude Code, Codex CLI, and Gemini CLI skills

TAGS

security, ai-agents, vulnerability-scanning, claude-code, codex, prompt-injection, nvidia