SkillSpector — Agent Tool by NVIDIA

by NVIDIA · Agent Tool · ★ 11.5k

Last updated: · Indexed by AgentSkillsHub · Auto-synced every 8h

About SkillSpector

SkillSpector Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks before installing agent skills. Overview AI agent skills (used by Claude Code, Codex CLI, Gemini CLI, etc.) execute with implicit trust and minimal vetting. Research shows that 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent. SkillSpector helps you answer: "Is this skill safe to install?" Documentation Development guide — Architecture, package layout, and how to extend the analyzer pipeline. Features Multi-format input: Scan Git repos, URLs, zip files, directories, or single files 64 vulnerability patterns across 16 categories: prompt injection, data exfiltration, privilege escalation, supply chain, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent, trigger abuse, dangerous code (AST), taint tracking, YARA signatures, MCP least privilege, and MCP tool poisoning Two-stage analysis: Fast static analysis + optional LLM semantic evaluation Live vulnerability lookups: SC4 queries OSV.dev for real-time CVE data with automatic offline fallback Multipl

Quick Facts

Stars11,514
Forks936
LanguagePython
CategoryAgent Tool
LicenseApache-2.0
Quality Score73.3362255079436/100
Open Issues71
Last Updated2026-06-30
Created2026-03-21
Platformscli, python
Est. Tokens~18k

Compatible Skills

These tools work well together with SkillSpector for enhanced workflows:

  • agent-scan — semantic(0.48)+complementary+same_lang+similar_pop+shared_platform (67%)
  • Semia — semantic(0.29)+complementary+same_lang+similar_pop+shared_platform (60%)
  • claude-code-security-review — semantic(0.23)+complementary+same_lang+similar_pop+shared_platform (58%)
  • repo-forensics — semantic(0.47)+complementary+same_lang+shared_platform (57%)
  • mcp-scanner — semantic(0.16)+complementary+same_lang+similar_pop+shared_platform (56%)

SkillSpector alternative? Top 3 similar tools

Looking for a SkillSpector alternative? If you're comparing SkillSpector with other agent tool tools, these 3 projects are the closest alternatives on Agent Skills Hub — ranked by topic overlap, star count, and community traction.

  • open-saas by wasp-lang · ⭐ 14.7k

    A 100% free modern JS SaaS boilerplate (React, NodeJS, Prisma). Full-featured: Auth (email, google, github, sl

  • agent-skills by tech-leads-club · ⭐ 4.8k

    The secure, validated skill registry for professional AI coding agents. Extend Antigravity, Claude Code, Curso

  • raptor by gadievron · ⭐ 3.2k

    Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and

More Agent Tool Tools

Explore other popular agent tool tools:

View all Agent Tool tools →

Popular Python Agent Tools

Frequently Asked Questions

What is SkillSpector?

SkillSpector is Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.. It is categorized as a Agent Tool with 11.5k GitHub stars.

What programming language is SkillSpector written in?

SkillSpector is primarily written in Python.

How do I install or use SkillSpector?

You can find installation instructions and usage details in the SkillSpector GitHub repository at github.com/NVIDIA/SkillSpector. The project has 11.5k stars and 936 forks, indicating an active community.

What license does SkillSpector use?

SkillSpector is released under the Apache-2.0 license, making it free to use and modify according to the license terms.

What are the best alternatives to SkillSpector?

The top alternatives to SkillSpector on Agent Skills Hub include open-saas, agent-skills, raptor. Each offers a different approach to the same problem space — compare them side-by-side by stars, quality score, and community activity.

View on GitHub → Browse Agent Tool tools