SkillSpector
Status: Active
Description
NVIDIA's SkillSpector inspects and evaluates the tool-use and function-calling skills of LLM agents against safety, correctness, and performance criteria.
Key Features
- Open-sourced by NVIDIA with backing from a hardware leader
- Static scanning of agent skills to detect malicious code and vulnerabilities
- Multi-dimensional detection: command injection, credential leaks, unsafe IO
- CI integration to block malicious skills from being merged
- Extensible rule set with team-defined custom rules
Quick Start
# Install
pip install skillspector
# Scan a skill directory
skillspector scan ./my-skill
# CI integration: non-zero exit code means failure
skillspector scan --strict ./my-skill
# Output a JSON report
skillspector scan --format json ./my-skill > report.json