NVIDIA has introduced SkillSpector, an open-source security scanner designed to evaluate AI agent skills used by platforms such as Claude Code, Codex CLI, and Gemini CLI.
The tool analyzes skills for vulnerabilities, malicious behavior, prompt injection risks, data exfiltration attempts, supply chain threats, and other security concerns before they are installed.
SkillSpector uses automated static analysis and optional AI-assisted reviews to generate risk scores and actionable recommendations. NVIDIA says the project addresses growing security challenges in the rapidly expanding AI agent ecosystem, where skills often execute with broad permissions and limited vetting.
