security

🔒 Security Scanning (NVIDIA SkillSpector)

Research shows 26.1% of AI skills contain vulnerabilities and 5.2% show likely malicious intent. Omni Skills integrates with NVIDIA SkillSpector to scan your skills before you install them.

SkillSpector detects 64 vulnerability patterns across 16 categories:

Prompt injection, data exfiltration, privilege escalation
Supply chain attacks, malware, credential harvesting
Excessive agency, tool misuse, system prompt leakage

Quick Start

# Check SkillSpector status
omni-skills security

# Scan all skills in your canonical store
omni-skills security scan

# Scan without LLM (faster, static analysis only)
omni-skills security scan --no-llm

# Scan a specific skill directory
omni-skills security scan ~/my-skills-private/clean-code

Install SkillSpector

git clone https://github.com/NVIDIA/skillspector.git
cd skillspector
python3 -m venv .venv && source .venv/bin/activate
pip install -e .

Or use Docker:

docker run --rm -v "$PWD:/scan" ghcr.io/nvidia/skillspector scan /scan

Documentation index

README — overview, install, quick start
Installation options & why brew tap
Architecture: compiler, execution boundaries, MCP server
Workflows: chainable skill sequences
Security scanning with NVIDIA SkillSpector
Creating new skills
How to store your skills
Usage guide, health checks, verification

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security

🔒 Security Scanning (NVIDIA SkillSpector)

Quick Start

Install SkillSpector

Documentation index

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Documentation

Project links

Clone this wiki locally