Every skill in the Agent Skill Exchange is backed by a real tool, repo, or package. New skills go through a discovery pipeline that requires real provenance before publishing.
- 📋 **Published**: In the catalog — real tool, real provenance
- ↓
- 🛡️ **Security Reviewed**: Scanned for safety — highest trust
The skill is published in the catalog. To be published, a skill must:
- Be backed by a real tool, repo, or package
- Have a valid `SKILL.md` with required frontmatter
- Be assigned to a valid category and framework
- Have substantive content (100+ words with technical references)
- Pass deduplication checks against existing skills
The skill's content has been scanned for potentially malicious patterns:
- No prompt injection attempts
- No data exfiltration patterns (unauthorized network calls)
- No destructive commands (`rm -rf /`, disk formatting, etc.)
- No credential harvesting instructions
- No obfuscated or encoded payloads
- No reverse shells or crypto mining
Each skill's `SKILL.md` frontmatter includes a `verification` field:

```yaml
---
title: "Example Skill"
verification: security_reviewed
---
```

Valid values:
| Value | User-facing label | Meaning |
|---|---|---|
| `listed` | Published | In the catalog — backed by a real tool |
| `security_reviewed` | Security Reviewed | Content scanned for malicious patterns — safe to use |
Security review patterns are now represented as machine-readable data in `patterns.json`, with regression fixtures in `fixtures/security/`. CI runs:

```shell
python3 scripts/test_security_patterns.py
python3 scripts/security_scan.py skills --github-annotations --quiet
```

This keeps the trust layer testable instead of relying on documentation-only checks.
- Verification Criteria — detailed requirements for each tier
- Security Patterns — human-readable patterns checked during security review
- Browse Skills — explore the full catalog