NVIDIA Launches Verified Agent Skills to Secure Autonomous AI Capabilities

May 21, 2026

NVIDIA launched NVIDIA-Verified Agent Skills, a governance framework for portable instruction sets that teach AI agents how to use specialized tools. Each verified skill undergoes a pipeline including automated risk scanning with SkillSpector, cryptographic signing for authenticity, and a machine-readable skill card.

Scanning tool: SkillSpector
Specification: agentskills.io
Verification: Cryptographic signing
Documentation: Machine-readable skill cards
Supported agents: Claude Code, Codex, and Cursor

This release shifts agent security from the runtime environment to the capability layer. While NVIDIA OpenShell provides kernel-level isolation for the sandbox, verified skills ensure the instructions entering that sandbox are safe. These skills follow the agentskills.io open specification for interoperability across NVIDIA Dynamo's agentic coding support.

You can pull verified skills from GitHub like NVIDIA's supply chain optimization skills. The framework includes a local verifier that checks cryptographic signatures against a root certificate before execution. This allows enterprise teams to audit agent capabilities programmatically rather than relying on manual reviews for every new skill.

View the full update on developer.nvidia.com

NVIDIA AI

@NVIDIAAI5h ago

We just shipped NVIDIA-Verified Agent Skills 🔐 Skills make your agent more capable, but can also introduce vulnerabilities. Verified skills give you transparency into what a skill does, where it came from, what risks it carries, and whether it's been modified. Every verified skill carries a skill card and is built on the https://t.co/ijhll6w6yh open specification to work reliably across @claudeai Code, @openai Codex, and @cursor_ai.

46384

View on X

Still wondering? A few quick answers below.

NVIDIA-verified agent skills are portable instruction sets that teach AI agents how to use specialized tools and libraries correctly. Unlike standard prompts, these skills undergo a formal validation process that includes security scanning, cryptographic signing, and the creation of machine-readable skill cards to ensure they are safe and authentic.

NVIDIA uses an automated tool called SkillSpector to scan skills for both traditional software vulnerabilities and agent-specific risks. This process checks for malicious scripts, hidden instructions, and prompt injection attempts. By treating skills as deployable capabilities rather than static text, NVIDIA can block or remediate risky behavior before the skill is published.

A skill card is a machine-readable trust record that acts as a nutrition label for an AI agent's capabilities. It provides transparency by detailing who authored the skill, what external dependencies it requires, its licensing terms, and any known technical limitations or risks. This metadata allows developers to audit skills programmatically before deployment.

Yes, these skills are built on the agentskills.io open specification, which is designed for broad interoperability. Because they use a standardized format, the same verified skill can work reliably across different agentic coding platforms, including Anthropic's Claude Code, OpenAI's Codex, and the Cursor code editor, without requiring custom integration for each tool.

Developers can use cryptographic signing to confirm a skill has not been modified since publication. By downloading NVIDIA's root certificate and using an OpenSSF Model Signing verifier, users can execute a local command to check the skill's digital signature. This ensures the downloaded files are identical to the versions originally scanned and signed by NVIDIA.