SkillSpector

Security scanner for AI agent skills

Application Security / Security Scanner | Santa Clara, United States | Publicly traded | 20000+ people | Founded 1993 | python, analytics, code-analysis, developer-tools

Our Take

Here's something terrifying: over a quarter of AI agent skills contain vulnerabilities, and 5% show likely malicious intent — yet we install them with basically zero vetting. SkillSpector is the first security scanner built specifically for AI agent skills, packing 64 vulnerability patterns across everything from prompt injection to memory poisoning. It's got two-stage analysis — fast static scanning plus optional LLM semantic evaluation — and just crossed 4.8k GitHub stars, which for a niche security tool is honestly unhinged. If you're deploying Claude Code, Codex CLI, or any agent skills right now without scanning them, that's genuinely reckless.

Detects vulnerabilities, malicious patterns, and security risks before installing AI agent skills. Provides two-stage analysis with fast static analysis and optional LLM semantic evaluation.

Key Features
Multi-format input scanning (Git repos, URLs, zip files, directories, single files); 64 vulnerability patterns across 16 categories (prompt injection, data exfiltration, privilege escalation, supply chain, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent, trigger abuse, dangerous code AST, taint tracking, YARA signatures, MCP least privilege, MCP tool poisoning); two-stage analysis: fast static analysis plus optional LLM semantic evaluation; live vulnerability lookups: SC4 queries OSV.dev for real-time CVE data with automatic offline fallback; multiple output formats: Terminal, JSON, Markdown, and SARIF reports; risk scoring: 0-100 score with severity labels and clear recommendations
Problem It Solves
AI agent skills (used by Claude Code, Codex CLI, Gemini CLI) execute with implicit trust and minimal vetting. Research shows 26.1% of skills contain vulnerabilities and 5.2% show likely malicious intent.
Target Customer
Developers and security teams using AI agent skills who need to vet skills before installation
Use Cases
Scan AI agent skills before installation, Detect vulnerabilities in skill repositories, Identify malicious patterns in agent code, Security vetting for AI skill marketplaces
Pricing Details
Open source project - free to use
Free Tier
Open source (Apache-2.0 license)
Differentiator
First security scanner specifically designed for AI agent skills with 64 vulnerability patterns across 16 categories
Why Now
Growing adoption of AI agent skills that execute with implicit trust; research indicates over 26% contain vulnerabilities and 5% show malicious intent
Traction
Notable Metrics: 4.8k stars on GitHub

Key Facts

Category
Application Security / Security Scanner
Location
Santa Clara, United States
Founded
1993
Team Size
20000+ people
Stage
Publicly traded
Discovered via
github-trending

The people behind SkillSpector

Aaron Plattner
Developer

Alexandre Begnoche
Developer

Anas Ahouzi
Developer
AI Performance Engineer @NVIDIA

Ivan Sorokin
Developer
Reinforcement Learning -> Speech Recognition -> Natural Language Processing

Jonathan Calmels
Developer

SkillSpector — SLAYREPORT