NVIDIA released SkillSpector, an open‑source scanner that checks AI agent skills for security flaws before they run. The tool targets plugins used by Claude Code, Codex CLI, Gemini CLI and similar platforms, where implicit trust often skips vetting. Researchers found 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent.

SkillSpector supports multi‑format inputs—Git repos, URLs, zip files, directories or single files—and runs a two‑stage analysis: fast static checks followed by optional LLM‑based semantic evaluation. It queries OSV.dev for live CVE data, falling back to offline lists, and outputs results as terminal tables, JSON, Markdown or SARIF for CI pipelines.

The scanner flags 64 vulnerability patterns across 16 categories, from prompt injection and data exfiltration to privilege escalation and tool misuse. Each finding receives a 0‑100 risk score with severity labels and remediation advice. By integrating SkillSpector into development workflows, teams can block unsafe skills before deployment, reducing attack surface for AI agents.

Installation uses a virtual environment and supports both uv and pip. After cloning the repo, users run `make install` for production or `make install-dev` for development. Configuration lets you point to any OpenAI‑compatible endpoint—including Anthropic, NVIDIA Build, or local Ollama—so the same scanner works across cloud and on‑premise setups.