Scripts2026年7月7日·1 分钟阅读

SkillSpector — Security Scanner for AI Agent Skills

NVIDIA tool that analyzes AI agent skills and plugins for vulnerabilities, malicious patterns, and security risks before installation, protecting agent pipelines from supply-chain attacks.

Agent 就绪

Agent 可直接安装

这个资产可安装;Agent 先选择当前运行时、检查安装计划,再运行匹配命令。

Native · 98/100策略:允许
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Single
信任
信任等级:Established
入口
SkillSpector Overview
直接安装命令
npx -y tokrepo@latest install 06fa90dd-7a46-11f1-9bc6-00163e2b0d79 --target codex

先 dry-run 确认安装计划,再运行此命令。

Introduction

SkillSpector is a security analysis tool by NVIDIA that scans AI agent skills, plugins, and tool definitions for vulnerabilities and malicious patterns before they are deployed. As AI agents increasingly rely on third-party skills and integrations, SkillSpector helps teams vet these components for prompt injection, data exfiltration, and other supply-chain risks.

What SkillSpector Does

  • Scans agent skill definitions for prompt injection vulnerabilities
  • Detects data exfiltration patterns in tool implementations
  • Identifies overly permissive access scopes in skill configurations
  • Checks for known malicious patterns in MCP server definitions and plugins
  • Generates detailed security reports with severity ratings and remediation guidance

Architecture Overview

SkillSpector parses skill manifests and tool definitions into an abstract syntax tree, then applies a set of static analysis rules that check for common attack vectors in AI agent integrations. It combines pattern matching with LLM-assisted analysis to catch both known vulnerability signatures and novel suspicious behaviors.

Self-Hosting & Configuration

  • Install via pip and run from the command line against any skill directory
  • Configure scanning rules and severity thresholds in a YAML config file
  • Integrate into CI/CD pipelines to block unsafe skills before deployment
  • Supports scanning of OpenAI function definitions, MCP tools, and LangChain tools
  • Output reports in JSON, SARIF, or human-readable formats

Key Features

  • Static analysis of agent tool definitions without executing the code
  • LLM-assisted detection of subtle prompt injection and social engineering patterns
  • SARIF output for integration with GitHub Code Scanning and IDE security panels
  • Configurable rule sets to match organizational security policies
  • Support for multiple agent framework formats including MCP and OpenAI plugins

Comparison with Similar Tools

  • Garak — LLM vulnerability scanner focused on model behavior; SkillSpector focuses on skill and plugin code
  • Semgrep — general static analysis; SkillSpector has rules specific to AI agent attack surfaces
  • Snyk — dependency vulnerability scanning; SkillSpector covers AI-specific supply chain risks
  • Promptfoo — tests LLM prompt robustness; SkillSpector scans the tools and skills agents use

FAQ

Q: What agent frameworks does it support? A: It scans OpenAI function calling specs, MCP server definitions, LangChain tools, and generic Python-based agent skills.

Q: Can it run in a CI pipeline? A: Yes. Use the CLI with JSON or SARIF output and set a severity threshold to fail the build on critical findings.

Q: Does it require an API key? A: The static analysis engine runs locally. The optional LLM-assisted scan mode requires an API key for the configured model.

Q: How does it detect prompt injection in skills? A: It analyzes tool descriptions, parameter schemas, and return value handling for patterns that could manipulate the agent's behavior.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产