Claude Skill
NVIDIA/SkillSpector
NVIDIA's SkillSpector scans AI agent skills for vulnerabilities, malicious patterns, and security risks. Protect your AI ecosystem with enterprise-grade skill auditing.
Overview
Repository information
Install this Skill
git clone https://github.com/NVIDIA/skillspector.git
Registry information
Project description
NVIDIA's SkillSpector is a security scanner that detects vulnerabilities, malicious patterns, and security risks in AI agent skills. It helps developers and security teams audit third-party or custom skills before deployment, keeping the AI agent ecosystem secure.
Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.
Key points
- Detects vulnerabilities in AI agent skills
- Identifies malicious patterns and code
- Assesses security risk before deployment
- Designed for integration into CI/CD pipelines
- Built by NVIDIA, offering enterprise-grade security
Use cases
- Auditing third-party AI agent skills
- Security checks on custom skills before deployment
- Integrating security scanning into AI development workflows
- Protecting enterprise AI agent deployments from malicious skills
README summary
# SkillSpector

**Security scanner for AI agent skills.** Detect vulnerabilities, malicious patterns, and security risks before installing agent skills.

## Overview

AI agent skills (used by Claude Code, Codex CLI, Gemini CLI, etc.) execute with implicit trust and minimal vetting. Research shows that **26.1% of skills contain vulnerabilities** and **5.2% show likely malicious intent**. SkillSpector helps you answer: **"Is this skill safe to install?"**

## Documentation

- **[Development guide](docs/DEVELOPMENT.md)** — Architecture, package layout, and how to extend the analyzer pipeline.
- **[OSS_RELEASE.md](OSS_RELEASE.md)** — How to produce a public-OSS branch from this repo.

## Features

- **Multi-format input**: Scan Git repos, URLs, zip files, directories, or single files
- **64 vulnerability patterns** across 16 categories: prompt injection, data exfiltration, privilege escalation, supply chain, excessive agency, output handling, system prompt leakage, memory poisoning, tool misuse, rogue agent, trigger abuse, dangerous code (AST), taint tracking, YARA signatures, MCP least privilege, and MCP tool poisoning
- **Two-stage analysis**: Fast static analysis + optional LLM semantic evaluation
- **Live vulnerability lookups**: SC4 queries [OSV.dev](https://osv.dev) for real-time CVE data with automatic offline fallback
- **Multiple output formats**: Terminal, JSON, Markdown, and SARIF reports
- **Risk scoring**: 0-100 score with severity labels and clear recommendations

## Quick Start

### Installation

Create and activate a virtual
Topics
No topics yet