SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git repositories, URLs, zip files, folders, and individual files. It also produces practical reports with risk scores, severity labels, and recommendations that make security reviews easier to act on.

Features

  • Scans Git repositories, URLs, zip files, folders, and single files
  • Detects 64 vulnerability patterns across 16 categories
  • Checks for prompt injection, data exfiltration, privilege escalation, and supply chain risks
  • Supports static analysis with optional LLM semantic evaluation
  • Exports terminal, JSON, Markdown, and SARIF reports
  • Provides a 0–100 risk score with severity labels and recommendations

Project Samples

Project Activity

See All Activity >

Categories

Security

License

Apache License V2.0

Follow SkillSpector

SkillSpector Web Site

Other Useful Business Software
Build Agents and Models on One Platform Icon
Build Agents and Models on One Platform

Everything you need to build production-ready agents and models. Access 200+ Google and third-party AI models and tools.

Gemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
Try It Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of SkillSpector!

Additional Project Details

Programming Language

Python

Related Categories

Python Security Software

Registered

2026-06-11