ML.

Skillspector

Analyzing SkillSpector: How Do You Check Whether an Agent Skill Is Safe?

SkillSpector is NVIDIA's security scanner for AI agent skills. It vets a skill before install to find prompt injection, data exfiltration, and malicious code. We analyze its structure — a LangGraph map-reduce graph that fans out to 25 analyzers (static patterns, AST, taint, YARA, MCP, LLM semantics) and reduces them to a single risk score — against Superpowers and ponytail, which inject skills.