SkillSpector is a Python security scanner that checks AI agent skills for vulnerabilities, malicious patterns, and other risks before you install them.
SkillSpector is a security scanner focused on AI agent skills such as those used by Claude Code, Codex CLI, Gemini CLI, and similar tools. It supports scanning local directories, single files, zip archives, Git repositories, and URLs. The project also offers multiple report formats, including terminal output, JSON, Markdown, and SARIF.
The problem it addresses is that AI agent skills are often installed with implicit trust and little vetting, even though, as the README notes, research has found a substantial share of skills with vulnerabilities and a smaller share with likely malicious intent. SkillSpector is meant to help users decide whether a skill is safe to install and to surface security risks before the skill is used.
At a high level, SkillSpector combines fast static analysis with an optional LLM-based semantic review. The static stage checks content against a large set of vulnerability patterns spanning multiple security categories and can perform live lookups against OSV.dev for known vulnerable dependencies, with an offline fallback when the lookup is unavailable; the tool then produces a risk score with severity labels and recommendations. The README also indicates that the LLM stage can be skipped for faster, static-only scanning.
It is gaining attention because AI agent ecosystems are growing while their skills can execute with high implicit trust, making security review a practical pain point. The repository also appears active and relevant right now, with a strong recent star increase and an emphasis on modern workflows such as CI/CD integration through SARIF and support for multiple LLM providers, including local OpenAI-compatible setups.
The README does not name direct competitors. Based on the description, comparable approaches would include manual code review, general-purpose static analysis tools, dependency vulnerability scanners, and other security review workflows for agent skills. SkillSpector’s distinguishing focus is that it is purpose-built for AI agent skill security rather than general application security.
AI-explained · grounded in each repo's README