Skip to content

Add Skill Inspector companion skill#253

Open
Dxboy266 wants to merge 4 commits into
NVIDIA:mainfrom
Dxboy266:codex/add-skill-inspector
Open

Add Skill Inspector companion skill#253
Dxboy266 wants to merge 4 commits into
NVIDIA:mainfrom
Dxboy266:codex/add-skill-inspector

Conversation

@Dxboy266

@Dxboy266 Dxboy266 commented Jul 5, 2026

Copy link
Copy Markdown

Summary

Adds skills/skill-inspector/SKILL.md, a companion Agent Skill that uses SkillSpector as the static evidence layer before an agent performs source-aware semantic review.

The skill workflow:

  • runs skillspector scan --no-llm --format json
  • reads the target skill's SKILL.md, executable scripts, MCP config/tool metadata, and finding locations
  • combines static findings with source context into APPROVE / CAUTION / REJECT

Why

SkillSpector scores and findings are strong evidence, but some sensitive capabilities are expected for certain skills. This companion skill gives agent runtimes a repeatable install-before-review workflow that does not require configuring an LLM provider inside SkillSpector.

Files

  • skills/skill-inspector/SKILL.md

Verification

Validated the PR shape with only SKILL.md present:

tmpdir=$(mktemp -d)
cp SKILL.md "$tmpdir/SKILL.md"
skillspector scan "$tmpdir" --no-llm --format json --output /tmp/skill-inspector-pr-shape.json

Result: 0 / LOW / SAFE, no issues.

@rng1995 rng1995 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Automated SkillSpector Review]

Approved. The companion skill keeps the target untrusted, runs deterministic analysis first, prohibits executing target scripts or silently installing dependencies, and requires source-aware review of sensitive findings before an APPROVE/CAUTION/REJECT verdict. The docs-only change is coherent and its manual scan shape is appropriate.

Non-blocking: use a per-run mktemp report path instead of the predictable shared /tmp/skill-inspector-report.json.

@rng1995

rng1995 commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Fix the CI issue @Dxboy266

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants