NVIDIA’s SkillSpector adds pre-installation scanning for AI agent skills

NVIDIA has updated its open source SkillSpector project with new scanning capabilities aimed at finding security issues in AI agent skills before they are installed.

The tool is designed to inspect skills and related components for vulnerabilities, suspicious patterns and other security risks. According to the project repository, SkillSpector combines static, semantic and behavioral analysis to evaluate agent skills and MCP servers, with the goal of identifying threats before they reach production systems.

The latest update expands the project’s provider support and testing coverage. The public release snapshot, which was refreshed on June 16, bumps the package version to 2.2.3 and broadens Python compatibility coverage through the 3.14 release line. It also adds native LangChain chat model creation backed by providers, including Anthropic, along with shared helpers for OpenAI-compatible services.

SkillSpector’s core purpose is to act as a security scanner for AI agent skills, a category of software components that can give agents access to tools, data sources or workflows. That makes them a potential target for abuse if a skill includes hidden instructions, malicious behavior or overly broad permissions. NVIDIA says the project is intended to detect those issues through a combination of analysis methods rather than relying on a single check.

The repository describes several analysis areas already built into the system. These include checks for least-privilege behavior, tool poisoning and rug-pull risks in MCP-related components. The scanner also looks for static threat patterns such as prompt injection, data exfiltration, privilege escalation, harmful content and unsafe output handling. In addition, the project includes semantic analysis supported by LLMs and behavioral analysis based on AST inspection and taint tracking.

The new release appears to focus on making the LLM-backed parts of the system easier to use across different providers. Alongside the new model factory path, NVIDIA added live provider test targets and endpoint tests. The project notes that unit and coverage targets remain separated from provider and integration markers, suggesting the release is aimed at keeping routine testing manageable while still validating provider-specific behavior.

The update also includes a refresh of the project’s public tree from an internal release branch and verification steps showing the unit test suite passing. The repository notes 621 unit tests passed, with 12 skipped and 26 deselected during the snapshot process.

SkillSpector was initially released in May as a broader AI agent security platform, with support for a scanning pipeline built on LangGraph, a model registry, SARIF output, a CLI and multiple analyzers. Since then, the project has continued to evolve as NVIDIA extends its ability to assess the security posture of agent skills and related infrastructure.

The latest changes reinforce that focus by making security checks available before installation, where they may be most useful for developers and teams evaluating third-party or internally developed agent components.