ScriptsJul 7, 2026·3 min read

SkillSpector — Security Scanner for AI Agent Skills

NVIDIA tool that analyzes AI agent skills and plugins for vulnerabilities, malicious patterns, and security risks before installation, protecting agent pipelines from supply-chain attacks.

Agent ready

Ready-to-run agent install

This asset can be installed after the agent chooses its runtime, checks the plan, and runs the matching command.

Native · 98/100Policy: allow
Agent surface
Any MCP/CLI agent
Kind
Skill
Install
Single
Trust
Trust: Established
Entrypoint
SkillSpector Overview
Direct install command
npx -y tokrepo@latest install 06fa90dd-7a46-11f1-9bc6-00163e2b0d79 --target codex

Run after dry-run confirms the install plan.

Introduction

SkillSpector is a security analysis tool by NVIDIA that scans AI agent skills, plugins, and tool definitions for vulnerabilities and malicious patterns before they are deployed. As AI agents increasingly rely on third-party skills and integrations, SkillSpector helps teams vet these components for prompt injection, data exfiltration, and other supply-chain risks.

What SkillSpector Does

  • Scans agent skill definitions for prompt injection vulnerabilities
  • Detects data exfiltration patterns in tool implementations
  • Identifies overly permissive access scopes in skill configurations
  • Checks for known malicious patterns in MCP server definitions and plugins
  • Generates detailed security reports with severity ratings and remediation guidance

Architecture Overview

SkillSpector parses skill manifests and tool definitions into an abstract syntax tree, then applies a set of static analysis rules that check for common attack vectors in AI agent integrations. It combines pattern matching with LLM-assisted analysis to catch both known vulnerability signatures and novel suspicious behaviors.

Self-Hosting & Configuration

  • Install via pip and run from the command line against any skill directory
  • Configure scanning rules and severity thresholds in a YAML config file
  • Integrate into CI/CD pipelines to block unsafe skills before deployment
  • Supports scanning of OpenAI function definitions, MCP tools, and LangChain tools
  • Output reports in JSON, SARIF, or human-readable formats

Key Features

  • Static analysis of agent tool definitions without executing the code
  • LLM-assisted detection of subtle prompt injection and social engineering patterns
  • SARIF output for integration with GitHub Code Scanning and IDE security panels
  • Configurable rule sets to match organizational security policies
  • Support for multiple agent framework formats including MCP and OpenAI plugins

Comparison with Similar Tools

  • Garak — LLM vulnerability scanner focused on model behavior; SkillSpector focuses on skill and plugin code
  • Semgrep — general static analysis; SkillSpector has rules specific to AI agent attack surfaces
  • Snyk — dependency vulnerability scanning; SkillSpector covers AI-specific supply chain risks
  • Promptfoo — tests LLM prompt robustness; SkillSpector scans the tools and skills agents use

FAQ

Q: What agent frameworks does it support? A: It scans OpenAI function calling specs, MCP server definitions, LangChain tools, and generic Python-based agent skills.

Q: Can it run in a CI pipeline? A: Yes. Use the CLI with JSON or SARIF output and set a severity threshold to fail the build on critical findings.

Q: Does it require an API key? A: The static analysis engine runs locally. The optional LLM-assisted scan mode requires an API key for the configured model.

Q: How does it detect prompt injection in skills? A: It analyzes tool descriptions, parameter schemas, and return value handling for patterns that could manipulate the agent's behavior.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets