SkillSpector scans AI agent configs for security risks

June 16, 2026CodeRabbit ChangelogView original ↗

1 feature

SkillSpector

CodeRabbit now runs Nvidia's SkillSpector to detect security risks in AI agent skills and MCP configuration files during pull request reviews. CodeRabbit runs SkillSpector against changed files including SKILL.md, mcp.json, mcp-config.json, claude_desktop_config.json, .cursorrules, and codex.yaml.

SkillSpector is enabled by default. To disable it, set reviews.tools.skillspector.enabled: false in your .coderabbit.yaml or from Reviews → Tools → SkillSpector in the settings page.

See the SkillSpector tool guide for details.

From other products

Security validation for third-party coding agentsJun 9, 2026
Third-party agents get same security checks as Copilot
Security validation for third-party coding agents is now generally available. Code generated by third-party agents (including Claude and Op…
GitHub · GitHub Changelog
Dedicated security review command now available in Copilot CLIJun 10, 2026
Copilot CLI: /security-review command scans for vulnerabilities
A new slash command analyzes local code changes and returns high-confidence security findings scored by severity and confidence, flagging i…
GitHub · GitHub Changelog

Fetched June 16, 2026

SkillSpector scans AI agent configs for security risks

SkillSpector

More from CodeRabbit

From other products

From other products

More from CodeRabbit