Esta página se muestra en inglés. Una traducción al español está en curso.
ScriptsJul 7, 2026·3 min de lectura

SkillSpector — Security Scanner for AI Agent Skills

NVIDIA tool that analyzes AI agent skills and plugins for vulnerabilities, malicious patterns, and security risks before installation, protecting agent pipelines from supply-chain attacks.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
SkillSpector Overview
Comando de instalación directa
npx -y tokrepo@latest install 06fa90dd-7a46-11f1-9bc6-00163e2b0d79 --target codex

Ejecutar después de confirmar el plan con dry-run.

Introduction

SkillSpector is a security analysis tool by NVIDIA that scans AI agent skills, plugins, and tool definitions for vulnerabilities and malicious patterns before they are deployed. As AI agents increasingly rely on third-party skills and integrations, SkillSpector helps teams vet these components for prompt injection, data exfiltration, and other supply-chain risks.

What SkillSpector Does

  • Scans agent skill definitions for prompt injection vulnerabilities
  • Detects data exfiltration patterns in tool implementations
  • Identifies overly permissive access scopes in skill configurations
  • Checks for known malicious patterns in MCP server definitions and plugins
  • Generates detailed security reports with severity ratings and remediation guidance

Architecture Overview

SkillSpector parses skill manifests and tool definitions into an abstract syntax tree, then applies a set of static analysis rules that check for common attack vectors in AI agent integrations. It combines pattern matching with LLM-assisted analysis to catch both known vulnerability signatures and novel suspicious behaviors.

Self-Hosting & Configuration

  • Install via pip and run from the command line against any skill directory
  • Configure scanning rules and severity thresholds in a YAML config file
  • Integrate into CI/CD pipelines to block unsafe skills before deployment
  • Supports scanning of OpenAI function definitions, MCP tools, and LangChain tools
  • Output reports in JSON, SARIF, or human-readable formats

Key Features

  • Static analysis of agent tool definitions without executing the code
  • LLM-assisted detection of subtle prompt injection and social engineering patterns
  • SARIF output for integration with GitHub Code Scanning and IDE security panels
  • Configurable rule sets to match organizational security policies
  • Support for multiple agent framework formats including MCP and OpenAI plugins

Comparison with Similar Tools

  • Garak — LLM vulnerability scanner focused on model behavior; SkillSpector focuses on skill and plugin code
  • Semgrep — general static analysis; SkillSpector has rules specific to AI agent attack surfaces
  • Snyk — dependency vulnerability scanning; SkillSpector covers AI-specific supply chain risks
  • Promptfoo — tests LLM prompt robustness; SkillSpector scans the tools and skills agents use

FAQ

Q: What agent frameworks does it support? A: It scans OpenAI function calling specs, MCP server definitions, LangChain tools, and generic Python-based agent skills.

Q: Can it run in a CI pipeline? A: Yes. Use the CLI with JSON or SARIF output and set a severity threshold to fail the build on critical findings.

Q: Does it require an API key? A: The static analysis engine runs locally. The optional LLM-assisted scan mode requires an API key for the configured model.

Q: How does it detect prompt injection in skills? A: It analyzes tool descriptions, parameter schemas, and return value handling for patterns that could manipulate the agent's behavior.

Sources

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados