NVIDIA SkillSpector: Open-Source Security Scanner for AI Agent Skills

NVIDIA

NVIDIA released SkillSpector (June 13, 2026), an open-source security scanner purpose-built for AI agent skills. It checks 64 vulnerability patterns across 16 categories, covering conventional software risks and agent-specific risks such as prompt injection, insecure data handling, and logic flaws. The tool is grounded in OWASP LLM guidance and MITRE ATLAS. An accompanying Snyk audit of 3,984 skills found that 26.1% contain vulnerabilities and 5.2% show likely malicious intent, including 1,467 malicious payloads such as trojans, cryptominers, and credential harvesters. The repository is available at github.com/NVIDIA/SkillSpector.

Why it matters

As agent skill marketplaces grow, including those for Claude Code and OpenClaw, supply-chain security for skills becomes a real attack surface. SkillSpector is the first dedicated, standardized tool for this problem, analogous to what Snyk does for package dependencies. NVIDIA's institutional backing gives it the potential to become the default audit step in agent deployment pipelines.

Importance: 3/5

First dedicated security scanner for AI agent skills from a major lab; addresses a real and underserved supply-chain risk in the growing agent ecosystem.
