NVIDIA Developer Blog · 10 min read

NVIDIA-Verified Agent Skills Provide Capability Governance for AI Agents




Autonomous AI agents are becoming more capable. Open models, Model Context Protocol (MCP)-connected tools, and portable skills are also making agents easier to extend. But scaling agent use with structural transparency and operational integrity requires more than runtime guardrails. Organizations and teams need to understand and trust the skills, or instructions, an agent is using.  

NVIDIA-verified skills address this gap by helping developers understand a skill's capabilities, where it originated, whether it was scanned for common risks, and whether it was modified after publication. Skill verification matters when skills are reused and deployed in real workflows rather than treated as individual, opaque bundles.

Verified skills embed transparency, provenance, security validation, and authenticity checks into the agent capability layer, helping developers extend autonomous agents more confidently. Verified means cataloged, scanned, signed, and documented with a skill card. Verified skills build on the agentskills.io open skills specification, so the same SKILL.md that works in one AI coding agent is designed to work reliably across Claude Code, Codex, and Cursor.

This post explains what NVIDIA agent skills are and how they become verified, how skill cards work, and how you can deploy agent skills more safely and confidently in your own agent workflows.

What are NVIDIA agent skills?

NVIDIA agent skills are portable instruction sets that teach AI agents how to use NVIDIA CUDA-X libraries, AI Blueprints, and platform tools correctly. NVIDIA-verified skills published in the NVIDIA/skills GitHub repo are:

  • Cataloged and synced daily from the NVIDIA product team that owns them
  • Scanned for software and agent-native risks before publication
  • Signed with a detached skill.oms.sig that can be verified post-download
  • Documented with a skill card describing ownership, dependencies, limitations, and verification status

Evaluation is the next layer. As it rolls out, it will add standardized quality metrics such as trigger accuracy, task completion rate, and token efficiency, measured against a common harness.

Video 1. Learn more about agent skill verification, what to look for before a skill enters your workflow, and how to use NVIDIA-verified skills

How does an agent skill become verified?

An NVIDIA-verified skill starts in a source repository owned by a product team. From there, it moves through a publishing flow that can include both human review and automated policy checks, followed by scanning, evaluation, generation of the skill card, signing, cataloging, and synchronization into the public catalog. 

Each verified skill is paired with a skill card, a machine-readable trust record that explains the following:

  • What the skill does
  • Who built the skill
  • How the skill is licensed
  • What the skill's dependencies are
  • What the skill's known technical limitations, risks, and mitigations are

Over time, evaluation becomes part of the same validation pipeline (Figure 1). This approach preserves the openness and portability of SKILL.md-based skills while embedding the chain-of-trust layers developers can expect. For more details, see the Skills documentation.

Flow chart showing eight steps (left to right): source repo, review, scan, evaluate, skill card, sign, catalog, sync.
Figure 1. How an agent skill becomes NVIDIA-verified

How do verified skills bring trust to the skill layer?

NVIDIA already embeds trust in agent systems through the NVIDIA NeMo Guardrails library, covering control, privacy, and policy-based guardrails. Resources such as NVIDIA OpenShell and NVIDIA NemoClaw focus on how agents run: sandboxed execution, controlled access to files and networks, and policy enforcement around sensitive actions. 

Verified skills extend this AI governance to agent capabilities. Runtime controls help govern agent behavior during execution; verified skills govern the capabilities that enter the workflow, and become a common way to extend trusted agents across coding tools, registries, and enterprise platforms.

How does scanning help mitigate risk before skill publication?

Before a verified skill reaches the NVIDIA Skills catalog, NVIDIA runs it through SkillSpector as part of the publication validation pipeline. This approach treats the skill as a deployable agent capability rather than as a static prompt. SkillSpector checks conventional software risks such as vulnerable dependencies, suspicious scripts, dangerous code patterns, credential access, and data exfiltration paths. 

SkillSpector also checks agent-specific risks, such as hidden instructions, prompt injection, trigger abuse, excessive agency, tool poisoning, and mismatches between a skill’s declared purpose, requested access, and bundled behavior. The intent layer is important: a skill may look harmless at the file level while steering an agent toward unsafe behavior, requesting broader access than its purpose requires, or describing one task while bundled artifacts enable another. 

This process results in a structured review signal that helps NVIDIA block or remediate risky skills prior to publication.

SkillSpector scanning coverage is grounded in recognized AI security governance, including OWASP guidance for LLM and agentic AI risks, and MITRE ATLAS. The NVIDIA Skills scanning documentation lists the current coverage and is updated as scan classes and supply-chain checks expand.

How does cryptographic signing add verifiable provenance for agent skills?

NVIDIA is publicly experimenting with cryptographic signing for agent skills as part of a broader validation roadmap for enterprise-scale deployment. The goal is to make it easier for developers to trust the skills NVIDIA publishes and replicate the same validation and deployment pipeline across environments.

The signature covers every file and subdirectory in the skill directory, giving developers a concrete way to verify that the downloaded skill is authentic and unchanged. This is what distinguishes verified skills from assets that are merely associated with a known publisher or listed in a trusted catalog. Many registries can identify who uploaded an asset; far fewer let developers cryptographically verify the asset itself after download. In the skills ecosystem, trust should come from verifiable integrity and authenticity, not from implied provenance alone.

For certificate retrieval, supported verification tooling, and example verification commands, see the signing documentation. For example, you can verify a signed skill locally by following these steps:

  • Download the NVIDIA Agentic Capabilities root certificate as nv-agent-root-cert.pem
  • Install an OpenSSF Model Signing (OMS) verifier, such as pip install model-signing
  • Execute the following command to verify the skill signature (SKILL_DIR is the directory the skill was downloaded into):
$ model_signing verify certificate SKILL_DIR \
    --signature SKILL_DIR/skill.oms.sig \
    --certificate-chain nv-agent-root-cert.pem \
    --ignore-unsigned-files

How does a skill card work?

The skill card template on GitHub explains the schema, how to structure skills and specify data flow, as well as which fields are required versus optional as the spec evolves. 

Consider, for example, a developer building a delivery-scheduling agent who wants to know three things before installing the NVIDIA cuOpt routing skill: who authored the skill, what it accesses beyond the cuOpt solver endpoint, and whether the underlying optimizer has been validated against real routing benchmarks. The cuOpt skill card answers all three questions in a single machine-readable file. The agent loads this file alongside the skill, so no manual auditing per install is required.

How do skill cards make trust metadata actionable?

The skill card is where trust is centralized. The information in the skill card is useful to both developers and enterprise architects. A developer can review whether a skill is compatible with a target agent, quickly confirm its dependencies before deployment, and understand how the skill will operate. Enterprise teams can review known risks, fail-safe controls, and validation status before allowing broader skill deployment.

At NVIDIA, Trustworthy AI begins with transparency: what a skill can do, and how that is communicated to developers for assessment and deployment. To that end, we are also excited to release our skill card template and skill card generator. All the required fields in the public skill card template can be autonomously generated and human-verified. By making these resources openly available, NVIDIA invites the community to develop transparently for skills, agents, and beyond.

Get started with NVIDIA-verified agent skills

If you are deploying agents in real environments, trust extends beyond the runtime. You need to know where a capability came from, whether it passed security checks, and whether it was modified after publication. Verified skills help answer those questions in an easily portable way.

To get started with the cuOpt verified skill, for example, follow these steps:

1. Pull the cuOpt verified skill from the catalog:

git clone https://github.com/NVIDIA/skills && cd skills/skills/cuopt

2. Verify the signature:

model_signing verify certificate . --signature skill.oms.sig --certificate-chain nv-agent-root-cert.pem --ignore-unsigned-files

3. Open SKILLCARD.yaml to see ownership, dependencies, license, and verification status.
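The local verification steps in the signing section and the cuOpt get-started steps above, folded into one pre-install gate script. This is an added example, not code from the NVIDIA/skills repo or the post; it assumes the artifact names the post gives (SKILL.md, SKILLCARD.yaml, skill.oms.sig, nv-agent-root-cert.pem) and uses the model_signing flags quoted in the post, while the skill card field names it greps for are an assumption rather than the published schema.

```bash
#!/usr/bin/env sh
# Pre-install gate for a downloaded skill directory. Added example, not part of
# the NVIDIA/skills repo. Refuses the skill unless the verified-skill artifacts
# are present and the detached OMS signature validates against the root cert.
set -u

# verify_skill SKILL_DIR ROOT_CERT_PEM
# Returns 0 when the skill passes the gate, 1 when it should not be installed.
verify_skill() {
  skill_dir=$1
  cert=$2

  # 1. A verified skill ships SKILL.md, a skill card and a detached signature.
  for f in SKILL.md SKILLCARD.yaml skill.oms.sig; do
    if [ ! -f "$skill_dir/$f" ]; then
      echo "gate: $skill_dir is missing $f; not a verified skill layout" >&2
      return 1
    fi
  done
  if [ ! -f "$cert" ]; then
    echo "gate: root certificate $cert not found" >&2
    return 1
  fi

  # 2. Integrity and authenticity: the signature covers every file and
  #    subdirectory, so any edit made after publication fails this step.
  #    The flags are the ones the post's signing commands use.
  if ! model_signing verify certificate "$skill_dir" \
        --signature "$skill_dir/skill.oms.sig" \
        --certificate-chain "$cert" \
        --ignore-unsigned-files; then
    echo "gate: signature verification failed for $skill_dir" >&2
    return 1
  fi

  # 3. Surface the trust metadata a reviewer checks before install.
  #    Field names are an assumption; take the real ones from the card template.
  grep -E '^(name|owner|license|verification_status):' "$skill_dir/SKILLCARD.yaml" \
    || echo "gate: no summary fields found in SKILLCARD.yaml" >&2
  return 0
}

# Stand-alone use:  sh gate.sh skills/skills/cuopt nv-agent-root-cert.pem
if [ "${1:-}" != "" ]; then
  verify_skill "$1" "${2:-nv-agent-root-cert.pem}"
fi
```

Note that --ignore-unsigned-files, as used in the post's commands, tells the verifier to tolerate files the signature does not cover, so a file dropped into the directory after signing does not by itself fail the gate; drop the flag if you want the directory to match the signed manifest exactly.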

To learn more, visit the Skills documentation to review all available skills or browse the NVIDIA/skills GitHub repo.

Acknowledgments

We’d like to thank Alec Evangelista, Mohit Gupta, and Isabel Hulseman for contributing to this work.


Tags

Agentic AI / Generative AI | Developer Tools & Techniques | Trustworthy AI / Cybersecurity | General | Intermediate Technical | Deep dive | AI Agent | Build AI Agents | Open Source | Trustworthy AI

About the Authors

About Moshe Abramovitch
Moshe Abramovitch is an AI product manager at NVIDIA, responsible for agent skills external publication and a member of the Enterprise Products Group. Before joining NVIDIA, Moshe worked as a product manager at AWS and Microsoft. He holds an MBA from the Fuqua School of Business at Duke University.
About Michael Boone
Michael Boone is the Manager for Trustworthy AI Product at NVIDIA. He is responsible for building NVIDIA’s technology according to its guiding principles—driving the implementation of products, tools, and processes that enable the company, its customers, and the larger ecosystem to deploy AI with confidence. Beginning his career as a licensed civil engineer, Michael pivoted from transportation infrastructure project management and operations to owning NVIDIA’s global core computer vision product marketing strategy, as well as product feature definition for DRIVE AV. Michael brings a safety-first engineering mindset to the AI frontier, drawing on his background in physical infrastructure to ensure digital systems are built with the same principle and rigor. An inventor and car enthusiast, Michael is a highly trusted collaborator and a leading voice in the deployment of emerging technology across public, private, and research environments.
About Sayali Kandarkar
Sayali Kandarkar is a senior software engineer in the AI/ML domain at NVIDIA, with a focus on products such as NeMo Framework, NemoClaw, and NeMo Microservices for fine-tuning, evaluation, and safety using guardrails on NVIDIA models. She is a core contributor to NVIDIA open source agent skills repository and plays a key role in the evaluation of agentic AI frameworks including NemoClaw. Her work in validating and optimizing generative AI workflows, combined with performance benchmarking through fine-tuning of LLM, VLM, and MOE models, has helped streamline AI products for real-world applications. Her work also involves representing NVIDIA at conferences and creating developer-focused content that helps new users adopt NVIDIA AI products. Prior to NVIDIA, Sayali earned her master’s degree in Artificial Intelligence from Carnegie Mellon University.
About Daniel Major
Daniel is a distinguished security architect at NVIDIA, where he provides security leadership for areas such as code signing, device PKI, ML deployments, and mobile operating systems. Previously, as principal security architect at BlackBerry, he was instrumental in the mobile phone division’s transition from BlackBerry 10 OS to Android. When not working, Daniel can be found planning his next travel adventure.
About Nir Paz
Nir Paz is a builder and product leader at NVIDIA focused on security for next-generation AI systems, agentic technologies, and enterprise AI platforms. He has spent his career building products at the intersection of cybersecurity, identity, fraud, and risk, helping organizations manage and reduce complex digital threats. Before NVIDIA, Nir led product initiatives across both high-growth startups and global technology companies, including Amazon and Cisco. He holds an MSc in Computer Science from Reichman University and an MBA from Indiana University, where he also serves as a guest lecturer on technology and business strategy.
