# SkillSpector — Security Scanner for AI Agent Skills > NVIDIA tool that analyzes AI agent skills and plugins for vulnerabilities, malicious patterns, and security risks before installation, protecting agent pipelines from supply-chain attacks. ## Install Save as a script file and run: # SkillSpector — Security Scanner for AI Agent Skills ## Quick Use ```bash pip install skillspector skillspector scan ./my-agent-skill ``` ## Introduction SkillSpector is a security analysis tool by NVIDIA that scans AI agent skills, plugins, and tool definitions for vulnerabilities and malicious patterns before they are deployed. As AI agents increasingly rely on third-party skills and integrations, SkillSpector helps teams vet these components for prompt injection, data exfiltration, and other supply-chain risks. ## What SkillSpector Does - Scans agent skill definitions for prompt injection vulnerabilities - Detects data exfiltration patterns in tool implementations - Identifies overly permissive access scopes in skill configurations - Checks for known malicious patterns in MCP server definitions and plugins - Generates detailed security reports with severity ratings and remediation guidance ## Architecture Overview SkillSpector parses skill manifests and tool definitions into an abstract syntax tree, then applies a set of static analysis rules that check for common attack vectors in AI agent integrations. It combines pattern matching with LLM-assisted analysis to catch both known vulnerability signatures and novel suspicious behaviors. ## Self-Hosting & Configuration - Install via pip and run from the command line against any skill directory - Configure scanning rules and severity thresholds in a YAML config file - Integrate into CI/CD pipelines to block unsafe skills before deployment - Supports scanning of OpenAI function definitions, MCP tools, and LangChain tools - Output reports in JSON, SARIF, or human-readable formats ## Key Features - Static analysis of agent tool definitions without executing the code - LLM-assisted detection of subtle prompt injection and social engineering patterns - SARIF output for integration with GitHub Code Scanning and IDE security panels - Configurable rule sets to match organizational security policies - Support for multiple agent framework formats including MCP and OpenAI plugins ## Comparison with Similar Tools - **Garak** — LLM vulnerability scanner focused on model behavior; SkillSpector focuses on skill and plugin code - **Semgrep** — general static analysis; SkillSpector has rules specific to AI agent attack surfaces - **Snyk** — dependency vulnerability scanning; SkillSpector covers AI-specific supply chain risks - **Promptfoo** — tests LLM prompt robustness; SkillSpector scans the tools and skills agents use ## FAQ **Q: What agent frameworks does it support?** A: It scans OpenAI function calling specs, MCP server definitions, LangChain tools, and generic Python-based agent skills. **Q: Can it run in a CI pipeline?** A: Yes. Use the CLI with JSON or SARIF output and set a severity threshold to fail the build on critical findings. **Q: Does it require an API key?** A: The static analysis engine runs locally. The optional LLM-assisted scan mode requires an API key for the configured model. **Q: How does it detect prompt injection in skills?** A: It analyzes tool descriptions, parameter schemas, and return value handling for patterns that could manipulate the agent's behavior. ## Sources - https://github.com/NVIDIA/SkillSpector - https://developer.nvidia.com/skillspector --- Source: https://tokrepo.com/en/workflows/asset-06fa90dd Author: Script Depot