Cisco AI Skill Scanner

Security checks across malware telemetry and agentic risk

Overview

The scanned skill is a coherent security-scanning helper; the cautions concern its external CLI install and its optional LLM mode, which may send scanned content to a third-party service.

Use the default behavioral scan for private or sensitive skills. Enable --full or --use-llm only for content approved for external processing, and install the CLI in an isolated Python environment (a virtualenv or similar) when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 86%

Finding
The trigger list is very broad and includes generic security/audit phrases such as 'check skill safety', 'audit skill code', and 'security audit skill'. In an agent environment, this can cause unintended invocation on unrelated requests, potentially exposing skill behavior, scanning arbitrary paths, or interfering with normal workflows when a user did not explicitly intend to run this tool.

Missing User Warnings

Severity: Medium
Confidence: 80%

Finding
The documentation instructs users to pass an API key into environment variables for LLM-based scanning, but it does not clearly warn that enabling the LLM provider may transmit skill contents or metadata to an external service. In a security-scanning context, the scanned material may contain sensitive code, secrets, or unpublished skills, so unclear credential and data-handling guidance can lead to unintended disclosure.
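The two findings above are both heuristics over a skill's trigger list and its documentation. The following is an added example, not code from the Cisco AI Skill Scanner or from SkillSpector, showing how such checks can be implemented: a trigger is flagged as vague when every meaningful word in it is a generic security/audit term, and a "missing user warning" is raised when the documentation names an API-key environment variable but no sentence discloses that data may be sent to an external service. The sample triggers, the sample documentation, the term lists and the regexes are all constructed assumptions for illustration.

```python
"""Added example: heuristic checks mirroring the two findings above.

Not part of the Cisco AI Skill Scanner or of SkillSpector. The skill
trigger list, the documentation text, the term lists and the patterns
below are constructed assumptions.
"""
import re

# Words that describe almost any security task on their own (assumption).
GENERIC_TERMS = {"check", "audit", "security", "scan", "review",
                 "skill", "code", "safety", "safe"}
STOPWORDS = {"a", "an", "the", "my", "this", "for", "of", "on", "with"}

# Sentence-level patterns that count as a disclosure of external transmission.
DISCLOSURE_PATTERNS = [
    r"\b(sent|transmitted|uploaded|shared)\b.*\b(external|third[- ]party|remote|provider|service|api)\b",
    r"\bleaves? (your|the) (machine|environment|network)\b",
    r"\bdata (leaves|is sent|will be sent)\b",
]

# Upper-case environment variable names ending in API_KEY / TOKEN / SECRET.
API_KEY_ENV_RE = re.compile(r"\b[A-Z][A-Z0-9_]*(API_KEY|TOKEN|SECRET)\b")


def is_vague_trigger(phrase: str) -> bool:
    """True when every non-stopword in the trigger is a generic term."""
    words = [w for w in re.findall(r"[a-z0-9]+", phrase.lower())
             if w not in STOPWORDS]
    return bool(words) and all(w in GENERIC_TERMS for w in words)


def vague_triggers(triggers):
    """Return the subset of triggers that would fire on unrelated requests."""
    return [t for t in triggers if is_vague_trigger(t)]


def documents_api_key(text: str) -> set:
    """Environment variable names in the docs that look like credentials."""
    return {m.group(0) for m in API_KEY_ENV_RE.finditer(text)}


def missing_transmission_warning(text: str) -> bool:
    """True when a credential is documented but no sentence discloses
    that scanned content may leave the machine."""
    if not documents_api_key(text):
        return False
    sentences = re.split(r"(?<=[.!?])\s+", text)
    for sentence in sentences:
        if any(re.search(p, sentence, re.IGNORECASE) for p in DISCLOSURE_PATTERNS):
            return False
    return True


def scan_skill(triggers, doc_text):
    """Produce findings in the same two categories as the report above."""
    findings = []
    vague = vague_triggers(triggers)
    if vague:
        findings.append({"finding": "Vague Triggers", "severity": "Medium",
                         "evidence": vague})
    if missing_transmission_warning(doc_text):
        findings.append({"finding": "Missing User Warnings", "severity": "Medium",
                         "evidence": sorted(documents_api_key(doc_text))})
    return findings


# Constructed sample input, not the scanned skill's real manifest.
SAMPLE_TRIGGERS = [
    "scan this skill with the behavioral scanner",
    "check skill safety",
    "audit skill code",
    "security audit skill",
    "run the cisco ai skill scanner",
]
DOC_WITHOUT_WARNING = (
    "Set EXAMPLE_LLM_API_KEY in your environment to enable LLM-based scanning. "
    "Run the scanner with --use-llm to get deeper analysis."
)
DOC_WITH_WARNING = DOC_WITHOUT_WARNING + (
    " Note: with --use-llm the contents of the scanned skill are sent to an "
    "external LLM provider."
)

if __name__ == "__main__":
    for label, doc in (("without warning", DOC_WITHOUT_WARNING),
                       ("with warning", DOC_WITH_WARNING)):
        print(label)
        for f in scan_skill(SAMPLE_TRIGGERS, doc):
            print(f"  {f['severity']}: {f['finding']} -> {f['evidence']}")
```

Running the block reports both findings for the documentation that only names the key, and only the trigger finding once a single disclosure sentence is added; that is the fix the second finding asks for. The trigger check deliberately ignores stopwords so that "check skill safety" and "check the skill safety" are judged the same way.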

VirusTotal

63/63 vendors flagged this skill as clean.
