RepoRadar
Leave a Tip
Item detail

NVIDIA/SkillSpector

SkillSpector is NVIDIA's Apache-2.0 security scanner for AI agent skills. It scans skill repos, URLs, zips, directories, or files for prompt injection, data exfiltration, privilege escalation, supply-chain issues, excessive agency, output-handling flaws, and other agent-skill risks.

Open source Back to radar
Score7.5
Popularity57.0
Riskconditional
TierGold
Score breakdown
Usefulness8.0
Novelty7.0
Momentum8.0
Maturity7.2
Open-source/build8.4
Evidence7.2
Workflow potential8.6
Setup ease6.4

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for teams installing third-party Claude Code, Codex CLI, or Gemini CLI skills: run the scan before trusting a skill package with local files, credentials, or autonomous workflows.

Who should use it

security engineersAI platform teamscoding-agent users

Who should skip it

Skip if the source link, docs, or setup requirements do not match your workflow.

Risk explanation

may send scanned skill content to a configured LLM endpoint; security-sensitive analysis.

Evidence links

Closest alternatives / related signals

securityagent-skillssupply-chainnvidia