SkillSpector

SkillSpector is an open-source security scanner for AI agent skills, built to catch risky instructions, dangerous code paths, and malicious patterns before a team installs them.

Added: Jun 2026

Website: github.com

Tags: agent security, skill scanning, ai detection, open source

Published 6/12/2026

Editorial Review

About

SkillSpector targets a new operational gap in agent tooling. Many teams install skills with far less scrutiny than they apply to normal code dependencies, so NVIDIA packages static analysis, risk scoring, and optional semantic review into a scanner aimed at that new trust boundary.

Why It Is Hot Now

Agent ecosystems are growing faster than governance. GitHub Trending on June 12, 2026 showed 319 stars in a day, and the project stands out by treating agent skills as their own supply-chain surface rather than as generic scripts.

Key Features

  • Scans agent skills for prompt injection, data exfiltration, privilege escalation, memory poisoning, tool misuse, and other risky patterns.
  • Combines fast static analysis with optional LLM-assisted review so teams can triage obvious problems quickly.
  • Outputs terminal, JSON, Markdown, and SARIF formats for developer workflows and CI.

Real Use Cases

  • Reviewing third-party skills before installing them into Claude Code, Codex, Gemini CLI, or internal agent stacks.
  • Adding automated policy checks for agent-skill repos inside security or platform pipelines.
  • Auditing internal skill libraries to understand hidden permission or data-leak risk.

Community Pulse

The appeal is practical: agent tooling is spreading faster than review processes. Builders like that SkillSpector treats skills as a distinct risk surface, while the main concern is whether teams will actually enforce scans once shipping pressure grows.

Limits and Risks

SkillSpector does not replace sandboxing, approvals, or human review. It flags likely problems, but organizations still need runtime controls, permission boundaries, and judgment on what to allow.

Alternatives

Alternatives include manual skill review, general static analysis tools, internal allowlists, sandbox-first execution, and broader software supply-chain scanners without agent-specific rules.

FAQ

  • Who should test it first? Platform, security, and agent-infra teams that already let developers share or install external skills.
  • What should they validate? Whether it catches meaningful risk without producing so much noise that engineers bypass it.

Quick Info

  • Added: 6/12/2026
  • Published: 6/12/2026
  • Updated: 6/12/2026
