SkillSpector

Security scanner for AI agent skills to detect vulnerabilities and risks.

9.2K stars · Python · Apache-2.0 · Active this week
Contents
  1. Who SkillSpector is for
  2. The problem it solves
  3. How it solves it
  4. Strengths and trade-offs
  5. Install and self-host
  6. Tech stack
  7. FAQ
  8. Similar open-source tools
TL;DR

SkillSpector is a security scanner for AI agent skills that detects vulnerabilities and malicious patterns. It provides a two-stage analysis with live vulnerability lookups and multiple output formats. This tool helps ensure that AI skills are safe to install and use.

Who SkillSpector is for

Developers

Ensure the safety of third-party AI skills before integration.

Skip if only using trusted internal skills.

Security Analysts

Assess and report on the security posture of AI agent skills.

Skip if no AI skills are being evaluated.

The problem it solves

SkillSpector identifies vulnerabilities and malicious patterns in AI agent skills before they are installed, so that unsafe skills can be caught before users run them.

How it solves it

Multi-format Input

Scan Git repos, URLs, zip files, directories, or single files.

64 Vulnerability Patterns

Detect vulnerabilities across 16 categories including prompt injection and data exfiltration.

Two-stage Analysis

Combine fast static analysis with optional LLM semantic evaluation.

Live Vulnerability Lookups

Query OSV.dev for real-time CVE data with automatic offline fallback.

Multiple Output Formats

Generate reports in Terminal, JSON, Markdown, and SARIF formats.

Risk Scoring

Provides a score from 0-100 with severity labels and recommendations.

Strengths and trade-offs

Strengths

  • Comprehensive Detection: Identifies a wide range of vulnerabilities across various categories.
  • Real-time Data: Utilizes live vulnerability lookups for up-to-date security information.
  • Flexible Usage: Supports multiple input formats and output report types.
  • User-friendly: Provides clear recommendations based on risk scoring.

Trade-offs

  • Static Analysis Limitations: Static analysis may miss vulnerabilities that only manifest during runtime.
  • Language Support: May not effectively analyze non-English content.
  • Image-based Attacks: Cannot analyze text in images or encrypted/binary code.
Install and self-host

bash
git clone https://github.com/NVIDIA/skillspector.git
tech stack · detected from GitHub

What it's built on

Languages
Python
FAQ

What types of files can SkillSpector scan?

SkillSpector can scan Git repositories, URLs, zip files, directories, and single files.

How does SkillSpector determine risk scores?

Risk scores are calculated based on the severity of detected vulnerabilities, with higher scores indicating greater risk.

Can I use SkillSpector without Python?

Yes, SkillSpector can be run using Docker without needing to install Python.

Similar open-source tools

Local Deep Research

Your AI research assistant, fully local and encrypted.

7.5K · Python · MIT

ClawTrace

Visualize agent execution trees and track token costs per step

37 · TypeScript · Apache-2.0

OpenFang

Open source Agent OS built in Rust with autonomous agents

17.9K · Rust · Apache-2.0

ClawMetry

Real-time observability dashboard for AI coding agents

375 · Python · MIT

IronClaw

Open source security scanner for AI agent deployments

12.4K · Rust · Apache-2.0

Hyprnote

Local-first AI meeting notetaker with transcription

8.6K · Rust · MIT

Repository

Stars: 9.2K
Forks: 720
License: Apache-2.0
Last commit: 5 days ago
Last verified: Jun 22, 2026
Repo: NVIDIA/SkillSpector

Additional details

Language: Python
Open issues: 102
Contributors: 7
First release: 2026

Categories

Security & Monitoring, AI & Machine Learning

Tags

Security, AI Agents, Developer Tools