NVIDIA released SkillSpector, an open-source security scanner that checks AI agent skills for vulnerabilities before installation. The tool addresses a structural risk that scales with every agent framework that ships a plugin ecosystem: each installed skill is third-party code running with the agent’s full permissions.
The threat model maps closely to the malicious-npm-package problem. A skill that harvests environment variables, opens an external network connection, or injects hidden instructions into the agent’s context can operate silently because agents extend implicit trust to their installed capabilities. Research cited in the SkillSpector repository scanned 42,447 skills from major marketplaces and found 26.1 percent contain at least one vulnerability; 5.2 percent show likely malicious intent.
SkillSpector runs a two-stage pipeline: static analysis across 64 vulnerability patterns in 16 categories, followed by optional LLM semantic evaluation to filter false positives and explain findings. It outputs JSON, Markdown, or SARIF reports for CI integration.
The release follows NVIDIA’s earlier unified safety model work and extends its positioning into the agent security tier. Operators evaluating third-party skills for Claude Code, Codex CLI, or Gemini CLI integrations should run SkillSpector before any production deployment.
NVIDIA, via github.com/NVIDIA/SkillSpector, published 2026-06-11.
