<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Mohammed Bahubaishi</title>
    <description>The latest articles on DEV Community by Mohammed Bahubaishi (@mbahubaishi).</description>
    <link>https://dev.to/mbahubaishi</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4021792%2F3fa1dc38-447e-4b8a-989f-f667f23124a6.png</url>
      <title>DEV Community: Mohammed Bahubaishi</title>
      <link>https://dev.to/mbahubaishi</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mbahubaishi"/>
    <language>en</language>
    <item>
      <title>I Built a PDF Report Generator for NVIDIA SkillSpector Because AI Skills Need Better Security Reviews</title>
      <dc:creator>Mohammed Bahubaishi</dc:creator>
      <pubDate>Wed, 08 Jul 2026 20:33:47 +0000</pubDate>
      <link>https://dev.to/mbahubaishi/i-built-a-pdf-report-generator-for-nvidia-skillspector-because-ai-skills-need-better-security-8c9</link>
      <guid>https://dev.to/mbahubaishi/i-built-a-pdf-report-generator-for-nvidia-skillspector-because-ai-skills-need-better-security-8c9</guid>
      <description>&lt;p&gt;A few weeks ago, I started looking more seriously at AI “skills.”&lt;/p&gt;

&lt;p&gt;Not skills in the human sense.&lt;/p&gt;

&lt;p&gt;I mean the installable skill packages used by AI coding agents and assistants, the kind of thing you might add to Claude Code, Codex-style workflows, Gemini CLI workflows, or other local agent setups.&lt;/p&gt;

&lt;p&gt;At first, they look harmless.&lt;/p&gt;

&lt;p&gt;A &lt;code&gt;SKILL.md&lt;/code&gt; file.&lt;/p&gt;

&lt;p&gt;Maybe a helper script.&lt;/p&gt;

&lt;p&gt;Maybe a few references.&lt;/p&gt;

&lt;p&gt;Maybe some instructions telling the assistant how to behave.&lt;/p&gt;

&lt;p&gt;But the more I looked at them, the more they started to feel less like “just prompts” and more like small software packages.&lt;/p&gt;

&lt;p&gt;And software packages need security review.&lt;/p&gt;

&lt;h2&gt;
  
  
  The uncomfortable part
&lt;/h2&gt;

&lt;p&gt;The risk in an AI skill is not always obvious.&lt;/p&gt;

&lt;p&gt;It might not look like malware.&lt;/p&gt;

&lt;p&gt;It might not have a scary filename.&lt;/p&gt;

&lt;p&gt;It might not even contain a traditional executable payload.&lt;/p&gt;

&lt;p&gt;The risk can hide in places that are easy to overlook:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Markdown instructions&lt;/li&gt;
&lt;li&gt;Prompt injection text&lt;/li&gt;
&lt;li&gt;Helper scripts&lt;/li&gt;
&lt;li&gt;External network calls&lt;/li&gt;
&lt;li&gt;Attempts to access environment variables&lt;/li&gt;
&lt;li&gt;Self-modifying behavior&lt;/li&gt;
&lt;li&gt;Overbroad permissions&lt;/li&gt;
&lt;li&gt;Suspicious dependencies&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Traditional security review often asks:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;What code will run?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;AI skill review also needs to ask:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;What behavior is this skill trying to influence?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Those are related, but they are not the same question.&lt;/p&gt;

&lt;p&gt;OWASP already lists risks such as prompt injection, sensitive information disclosure, and supply-chain vulnerabilities in its Top 10 for LLM applications.&lt;/p&gt;

&lt;p&gt;NVIDIA’s SkillSpector project also highlights why this matters. Its README cites research showing that &lt;strong&gt;26.1% of skills contained vulnerabilities&lt;/strong&gt; and &lt;strong&gt;5.2% showed likely malicious intent&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;That number made me stop and think.&lt;/p&gt;

&lt;p&gt;If AI skills are easy to install, easy to share, and sometimes risky, then “just install it and see what happens” is not a review process.&lt;/p&gt;

&lt;h2&gt;
  
  
  SkillSpector helps answer the first question
&lt;/h2&gt;

&lt;p&gt;NVIDIA SkillSpector is a security scanner for AI agent skills.&lt;/p&gt;

&lt;p&gt;It helps answer a simple but important question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Is this skill safe to install?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;It can scan folders, files, zip archives, and repositories. It looks for risky patterns before installation, including suspicious instructions, hidden behavior, risky scripts, and other security concerns.&lt;/p&gt;

&lt;p&gt;That is exactly the kind of tool this ecosystem needs.&lt;/p&gt;

&lt;p&gt;But when I started using it, I noticed a practical gap.&lt;/p&gt;

&lt;p&gt;The scan result was useful, but I wanted something easier to share.&lt;/p&gt;

&lt;p&gt;Not everyone wants terminal output.&lt;/p&gt;

&lt;p&gt;Not everyone wants raw JSON.&lt;/p&gt;

&lt;p&gt;Not every review record should be a screenshot from a shell window.&lt;/p&gt;

&lt;p&gt;Sometimes you need a report.&lt;/p&gt;

&lt;p&gt;Something structured.&lt;/p&gt;

&lt;p&gt;Something readable.&lt;/p&gt;

&lt;p&gt;Something you can attach to a ticket, send to a reviewer, or keep as review evidence.&lt;/p&gt;

&lt;p&gt;So I built one.&lt;/p&gt;

&lt;h2&gt;
  
  
  What I built
&lt;/h2&gt;

&lt;p&gt;I built &lt;strong&gt;SkillSpector Report&lt;/strong&gt;, a small open source Python CLI that turns NVIDIA SkillSpector scan output into a local PDF report.&lt;/p&gt;

&lt;p&gt;Project: &lt;a href="https://github.com/mbahubaishi/skillspector-report" rel="noopener noreferrer"&gt;SkillSpector Report on GitHub&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It does not replace SkillSpector.&lt;/p&gt;

&lt;p&gt;It does not perform independent security analysis.&lt;/p&gt;

&lt;p&gt;It simply runs the installed local &lt;code&gt;skillspector&lt;/code&gt; CLI, reads SkillSpector JSON output, and turns the result into a polished PDF report.&lt;/p&gt;

&lt;p&gt;The generated report includes:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Report metadata&lt;/li&gt;
&lt;li&gt;Scan mode&lt;/li&gt;
&lt;li&gt;SkillSpector version&lt;/li&gt;
&lt;li&gt;Privacy note&lt;/li&gt;
&lt;li&gt;Risk banner&lt;/li&gt;
&lt;li&gt;Executive summary&lt;/li&gt;
&lt;li&gt;Findings detail&lt;/li&gt;
&lt;li&gt;Scanned components&lt;/li&gt;
&lt;li&gt;Raw SkillSpector JSON appendix&lt;/li&gt;
&lt;li&gt;Legal notice and limitations&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The point is not to make scanner output “pretty.”&lt;/p&gt;

&lt;p&gt;The point is to make scanner output easier to review, explain, share, and archive.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why PDF?
&lt;/h2&gt;

&lt;p&gt;Developers often prefer JSON, Markdown, or terminal output.&lt;/p&gt;

&lt;p&gt;I understand that.&lt;/p&gt;

&lt;p&gt;But security review is not always only for developers.&lt;/p&gt;

&lt;p&gt;Sometimes the result needs to go to a manager.&lt;/p&gt;

&lt;p&gt;Sometimes it needs to be attached to a governance ticket.&lt;/p&gt;

&lt;p&gt;Sometimes it needs to be reviewed by someone who understands risk but does not want to inspect raw JSON.&lt;/p&gt;

&lt;p&gt;Sometimes you just want a clean record of what was scanned and what was found.&lt;/p&gt;

&lt;p&gt;That is where a PDF report is useful.&lt;/p&gt;

&lt;p&gt;A PDF does not make a scanner more accurate.&lt;/p&gt;

&lt;p&gt;But it can make the result easier to understand and easier to act on.&lt;/p&gt;

&lt;p&gt;And in security, communication matters.&lt;/p&gt;

&lt;p&gt;A finding that nobody understands is a finding that may not get fixed.&lt;/p&gt;

&lt;h2&gt;
  
  
  Clean report vs malicious report
&lt;/h2&gt;

&lt;p&gt;I wanted the tool to handle two very different outcomes clearly.&lt;/p&gt;

&lt;h3&gt;
  
  
  Clean report
&lt;/h3&gt;

&lt;p&gt;A clean report does &lt;strong&gt;not&lt;/strong&gt; mean “guaranteed safe.”&lt;/p&gt;

&lt;p&gt;It means SkillSpector did not report significant issues in that scan.&lt;/p&gt;

&lt;p&gt;The report still includes the full structure:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Metadata&lt;/li&gt;
&lt;li&gt;Executive summary&lt;/li&gt;
&lt;li&gt;Scanned components&lt;/li&gt;
&lt;li&gt;Raw JSON evidence&lt;/li&gt;
&lt;li&gt;Limitations&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That matters because even a low-risk result should still be reviewed before trusting a skill.&lt;/p&gt;

&lt;p&gt;Security scanners can miss things. A clean result is useful evidence, not a certificate of safety.&lt;/p&gt;

&lt;h3&gt;
  
  
  Malicious or suspicious report
&lt;/h3&gt;

&lt;p&gt;This is where the report becomes more valuable.&lt;/p&gt;

&lt;p&gt;When SkillSpector finds issues, the PDF includes a detailed findings table showing:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Severity&lt;/li&gt;
&lt;li&gt;Finding category&lt;/li&gt;
&lt;li&gt;File location&lt;/li&gt;
&lt;li&gt;Line number&lt;/li&gt;
&lt;li&gt;Confidence&lt;/li&gt;
&lt;li&gt;Explanation&lt;/li&gt;
&lt;li&gt;Remediation guidance&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That makes it easier to answer the questions reviewers actually care about:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;What was found?&lt;/p&gt;

&lt;p&gt;Where was it found?&lt;/p&gt;

&lt;p&gt;How serious is it?&lt;/p&gt;

&lt;p&gt;How confident is the scanner?&lt;/p&gt;

&lt;p&gt;What should be reviewed next?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That is the difference between raw output and evidence that is easier to review.&lt;/p&gt;

&lt;h2&gt;
  
  
  Local first by design
&lt;/h2&gt;

&lt;p&gt;I wanted the reporting workflow to stay local.&lt;/p&gt;

&lt;p&gt;SkillSpector Report runs the installed local &lt;code&gt;skillspector&lt;/code&gt; command and generates the PDF locally.&lt;/p&gt;

&lt;p&gt;The report generator itself does not upload scan inputs or generated reports.&lt;/p&gt;

&lt;p&gt;By default, it currently runs SkillSpector in static-only mode using &lt;code&gt;--no-llm&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;That means LLM semantic analysis is not enabled by default.&lt;/p&gt;

&lt;p&gt;This was intentional. For a first review, I prefer a conservative local workflow before adding anything that may involve an external model provider.&lt;/p&gt;

&lt;p&gt;There is one important nuance. Depending on the scanned content, dependencies, SkillSpector configuration, and network availability, SkillSpector itself may still perform package vulnerability lookups such as OSV.dev queries.&lt;/p&gt;

&lt;p&gt;So the honest version is:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The report generator is local first, but users should still understand what the underlying scanner may do.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  Basic usage
&lt;/h2&gt;

&lt;p&gt;After installing NVIDIA SkillSpector separately, SkillSpector Report can generate a local PDF from a skill folder, zip file, package, or repository path.&lt;/p&gt;

&lt;p&gt;The full setup instructions and examples are in the GitHub README:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/mbahubaishi/skillspector-report" rel="noopener noreferrer"&gt;https://github.com/mbahubaishi/skillspector-report&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The repository also includes example PDF reports for both clean and malicious scan outcomes.&lt;/p&gt;

&lt;h2&gt;
  
  
  What this project is not
&lt;/h2&gt;

&lt;p&gt;I think this part matters.&lt;/p&gt;

&lt;p&gt;SkillSpector Report is not a magic safety button.&lt;/p&gt;

&lt;p&gt;It does not guarantee that a skill is safe.&lt;/p&gt;

&lt;p&gt;It does not replace manual review.&lt;/p&gt;

&lt;p&gt;It does not replace NVIDIA SkillSpector.&lt;/p&gt;

&lt;p&gt;It does not perform independent security analysis.&lt;/p&gt;

&lt;p&gt;It does not certify compliance.&lt;/p&gt;

&lt;p&gt;It does not prove that malicious behavior is absent.&lt;/p&gt;

&lt;p&gt;It is a reporting layer.&lt;/p&gt;

&lt;p&gt;A useful one, I hope, but still a reporting layer.&lt;/p&gt;

&lt;p&gt;Security scanners can produce false positives and false negatives. A low-risk report should not be treated as a guarantee, and a high-risk report should be reviewed carefully before using the scanned item.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why I think this matters
&lt;/h2&gt;

&lt;p&gt;AI skills and agent tools are becoming more like software packages.&lt;/p&gt;

&lt;p&gt;They can influence behavior.&lt;/p&gt;

&lt;p&gt;They can include scripts.&lt;/p&gt;

&lt;p&gt;They can reference external resources.&lt;/p&gt;

&lt;p&gt;They can shape what an assistant does next.&lt;/p&gt;

&lt;p&gt;That means teams will need better ways to review them.&lt;/p&gt;

&lt;p&gt;Not just scan them.&lt;/p&gt;

&lt;p&gt;Review them.&lt;/p&gt;

&lt;p&gt;Explain them.&lt;/p&gt;

&lt;p&gt;Archive the decision.&lt;/p&gt;

&lt;p&gt;Share the evidence.&lt;/p&gt;

&lt;p&gt;Help non-technical people understand the risk.&lt;/p&gt;

&lt;p&gt;That is the gap I wanted to explore with this project.&lt;/p&gt;

&lt;p&gt;NVIDIA SkillSpector does the security scanning.&lt;/p&gt;

&lt;p&gt;SkillSpector Report tries to make the result easier to read, share, and keep.&lt;/p&gt;

&lt;h2&gt;
  
  
  What’s next
&lt;/h2&gt;

&lt;p&gt;Some ideas I’m considering:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Publishing to PyPI for easier installation&lt;/li&gt;
&lt;li&gt;Adding batch report generation&lt;/li&gt;
&lt;li&gt;Adding optional HTML report output&lt;/li&gt;
&lt;li&gt;Adding configurable report templates&lt;/li&gt;
&lt;li&gt;Adding summary-only reports&lt;/li&gt;
&lt;li&gt;Creating assistant workflows for Claude Code, Codex, or similar local coding agents&lt;/li&gt;
&lt;li&gt;Adding CI examples for review workflows&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The project is still early, but the direction is clear:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;AI skill security needs to become easier to review, not just easier to scan.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;
  
  
  Project link
&lt;/h2&gt;

&lt;p&gt;The project is open source under the MIT License:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/mbahubaishi/skillspector-report" rel="noopener noreferrer"&gt;https://github.com/mbahubaishi/skillspector-report&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Feedback, issues, and suggestions are welcome.&lt;/p&gt;

&lt;h2&gt;
  
  
  References
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;&lt;a href="https://github.com/NVIDIA/skillspector" rel="noopener noreferrer"&gt;NVIDIA SkillSpector&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://owasp.org/www-project-top-10-for-large-language-model-applications/" rel="noopener noreferrer"&gt;OWASP Top 10 for Large Language Model Applications&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://arxiv.org/abs/2601.10338" rel="noopener noreferrer"&gt;Agent Skills in the Wild: An Empirical Study of Security Vulnerabilities at Scale&lt;/a&gt;&lt;/li&gt;
&lt;/ol&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>python</category>
      <category>agentskills</category>
    </item>
  </channel>
</rss>
