Automation tooling for the Agent Skill Exchange repository.
Parser-backed validator for one skill, a directory of skills, or the full catalog.
python3 scripts/validate_skills.py skills/playwright-mcp-browser-automation/SKILL.md
python3 scripts/validate_skills.py --all --github-annotations --quietvalidate-skill.sh remains as a compatibility wrapper around this script:
./scripts/validate-skill.sh path/to/SKILL.mdChecks performed:
- File exists, is non-empty, and is valid UTF-8
- YAML frontmatter is present and parsed with PyYAML
- Duplicate YAML keys are rejected
- Required fields exist and have the expected scalar types:
title,slug,description,category,framework,verification slugis lowercase kebab-case and matches the containing directory name- Deprecated public fields are rejected:
name,verification_status,verified_metadata verificationis a public value (listedorsecurity_reviewed); internalverified_metadatamust export aslisted- Category and framework labels are validated against the known public taxonomy/framework sets
sourceis URL-like when present- Numeric signal fields are real numbers, not quoted strings
tool_ecosystemis an object with typed optional fields- Body contains an H1 heading and enough useful content
- GitHub Actions annotations are emitted with
--github-annotations
Requirement: Python 3 + PyYAML.
Exit codes: 0 on pass, 1 on validation failure, 2 when PyYAML is unavailable.
Executable security pattern scanner and fixture test suite for the trust layer.
python3 scripts/test_security_patterns.py
python3 scripts/security_scan.py skills --github-annotations --quietsecurity_scan.py loads machine-readable patterns from verification/patterns.json and scans Markdown files/directories. test_security_patterns.py verifies pattern compilation, required security classes, positive malicious fixtures, and a benign negative fixture under verification/fixtures/security/.
CI runs both the fixture suite and a full skills/ catalog scan.
Reproduces all generated public repo artifacts from the public ASE API, without OpenClaw or Hostinger paths.
ASE_API_BASE=https://agentskillexchange.com ./scripts/sync-from-api.sh
# or directly:
ASE_API_BASE=https://agentskillexchange.com ./scripts/generate-all.sh [repo_directory]Generated artifacts include README.md, CATALOG.md, categories/, industries/, TOP-STARS.md, TOP-DOWNLOADS.md, skills.json, public agent endpoint files (openclaw.json, codex.json, llms.txt), agent manifest files, and sync-metadata.json.
sync-metadata.json records:
generated_atsource_api_basesource_totalsource_etag_or_hash(SHA-256 of generatedskills.json)generator_versionschema_version
generate-agent-endpoints.py uses the canonical generated skills.json to write static, cacheable agent discovery files:
python3 scripts/generate-agent-endpoints.py [repo_directory]
python3 scripts/smoke-agent-endpoints.py --base https://agentskillexchange.comLive endpoint contract:
/skills.json— full canonical public catalog (application/json)/openclaw.json— OpenClaw-oriented manifest (application/json)/codex.json— Codex-oriented manifest (application/json)/llms.txt— concise agent/human discovery document (text/plain)- cache header:
Cache-Control: public, max-age=300, stale-while-revalidate=86400
Regenerates CATALOG.md from the public Agent Skill Exchange WordPress REST API.
ASE_API_BASE=https://agentskillexchange.com ./scripts/generate-catalog.sh [repo_directory]What it does:
- Fetches all skills and categories from the WP REST API (paginated)
- Generates
CATALOG.mdwith summary stats and per-category skill tables - Handles HTML entity decoding in category and skill names
Requirements: Python 3
Regenerates per-category README.md files in the categories/ directory.
./scripts/generate-categories.sh [repo_directory]What it does:
- Fetches all skills and the category taxonomy from the WP REST API
- Creates/updates
categories/README.md(index of all categories) - Creates/updates
categories/<slug>/README.mdfor each category - Handles HTML entity decoding
Requirements: curl, jq