NVIDIA open-sources SkillSpector, a security scanner for AI agent skills
NVIDIA has released SkillSpector as an open-source tool designed to check AI agent skills for security problems. AI agents extend their abilities by loading external modules called "skills," but recent research found that roughly one in four publicly available skills contains a security vulnerability, and a smaller number are outright malicious.
SkillSpector automatically scans these skills to flag dangerous ones before they are used. For developers assembling AI agents from third-party skills, this highlights a real and underappreciated risk in the current ecosystem.
Key points
- About 1 in 4 publicly available skills has been found to contain a security vulnerability
- Some skills go further and include outright malicious code
- NVIDIA released SkillSpector as a free, open-source scanner to detect these risky skills
- Developers using third-party skills in AI agents should consider auditing them before deployment
- Check the GitHub repo (NVIDIA/SkillSpector) directly for detection accuracy and usage details
Sources covering this story (2)
- r/LovingOpenSourceAI: NVIDIA open-sources SkillSpector, a security scanner for AI agent skills
- r/LovingAIAgents: Akshay "NVIDIA might just have open-sourced one of the most important AI projects right now. recent research found roughly 1 in 4 public skills carry a vulnerability, and a smaller slice are outright malicious. that is the gap SkillSpector closes. it is a security scanner" ➡️ seems very useful!