NVIDIA Launches Open-Source AI Security Scanner That Detects Vulnerabilities in Agent Skills Before Installation
Summary
NVIDIA launches SkillSpector, a free open-source AI security scanner that detects vulnerabilities and malicious patterns in AI agent skills before installation, in response to a growing threat landscape in which over 26% of skills contain security risks.
Key Points
- NVIDIA's SkillSpector is an open-source security scanner designed to detect vulnerabilities, malicious patterns, and security risks in AI agent skills before installation, addressing research findings that 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent.
- The tool detects 64 vulnerability patterns across 16 categories — including prompt injection, data exfiltration, privilege escalation, and MCP tool poisoning — using a two-stage pipeline combining fast static analysis with optional LLM semantic evaluation to achieve approximately 87% precision.
- SkillSpector supports multiple input formats such as Git repos, URLs, zip files, and directories, outputs results as Terminal, JSON, Markdown, or SARIF reports, and integrates with providers like OpenAI, Anthropic, and NVIDIA's own inference platform for LLM-powered analysis.