by NVIDIA · Agent Tool · ★ 11.5k
Last updated: · Indexed by AgentSkillsHub · Auto-synced every 8h
SkillSpector Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks before installing agent skills. Overview AI agent skills (used by Claude Code, Codex CLI, Gemini CLI, etc.) execute with implicit trust and minimal vetting. Research shows that 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent. SkillSpector helps you answer: "Is this skill safe to install?" Documentation Development guide — Architecture, package layout, and how to extend the analyzer pipeline. Features Multi-format input: Scan Git repos, URLs, zip files, directories, or single files 64 vulnerability patterns across 16 categories: prompt injection, data exfiltration, privilege escalation, supply chain, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent, trigger abuse, dangerous code (AST), taint tracking, YARA signatures, MCP least privilege, and MCP tool poisoning Two-stage analysis: Fast static analysis + optional LLM semantic evaluation Live vulnerability lookups: SC4 queries OSV.dev for real-time CVE data with automatic offline fallback Multipl
| Stars | 11,514 |
| Forks | 936 |
| Language | Python |
| Category | Agent Tool |
| License | Apache-2.0 |
| Quality Score | 73.3362255079436/100 |
| Open Issues | 71 |
| Last Updated | 2026-06-30 |
| Created | 2026-03-21 |
| Platforms | cli, python |
| Est. Tokens | ~18k |
These tools work well together with SkillSpector for enhanced workflows:
Looking for a SkillSpector alternative? If you're comparing SkillSpector with other agent tool tools, these 3 projects are the closest alternatives on Agent Skills Hub — ranked by topic overlap, star count, and community traction.
A 100% free modern JS SaaS boilerplate (React, NodeJS, Prisma). Full-featured: Auth (email, google, github, sl
The secure, validated skill registry for professional AI coding agents. Extend Antigravity, Claude Code, Curso
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and
Explore other popular agent tool tools:
SkillSpector is Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.. It is categorized as a Agent Tool with 11.5k GitHub stars.
SkillSpector is primarily written in Python.
You can find installation instructions and usage details in the SkillSpector GitHub repository at github.com/NVIDIA/SkillSpector. The project has 11.5k stars and 936 forks, indicating an active community.
SkillSpector is released under the Apache-2.0 license, making it free to use and modify according to the license terms.
The top alternatives to SkillSpector on Agent Skills Hub include open-saas, agent-skills, raptor. Each offers a different approach to the same problem space — compare them side-by-side by stars, quality score, and community activity.