• Category: Agentic coding
  • Status: discussion
  • Sources: GitHub repository
  • Summary: NVIDIA published SkillSpector, an Apache-2.0 Python tool that statically scans AI agent skills (the skill bundles used by Claude Code, Codex CLI, Gemini CLI, and similar agents) for vulnerabilities and malicious patterns before installation. It ships 64 detection patterns across 16 categories including prompt injection, data exfiltration, privilege escalation, supply chain, tool poisoning, and MCP least-privilege checks, runs a static pass plus an optional LLM semantic pass, queries OSV.dev for live CVE data, and emits a 0-to-100 risk score with terminal, JSON, Markdown, and SARIF output. The repository trended this cycle (about 5,600 stars) and cites internal research that 26.1 percent of skills contain vulnerabilities and 5.2 percent show likely malicious intent; those figures are the project's own and are not independently verified. No tagged release exists yet.
  • Why it matters: Agent skills execute with implicit trust and minimal vetting, the same install-and-run trust model behind the Arch AUR supply-chain wave, so a dedicated scanner that produces SARIF for CI gives teams a way to vet third-party skills before they run.
  • Follow-up: Watch for a tagged release, the underlying skill-vulnerability research, and false-positive rates from practitioner use.

Send feedback on this story