SkillSafe is a secured skill registry for AI agents like Claude Code, Cursor, and Windsurf. It lets you scan, save, share, install, and verify AI skills with security scanning and dual-side cryptographic verification.

How does dual-side verification work?

The publisher scans a skill before sharing it. When a consumer downloads and installs the skill, they re-scan it independently. SkillSafe compares both scan reports using cryptographic tree hashes (SHA-256) to detect any tampering between publish and download. If critical findings are detected, the install is blocked automatically.

Yes, SkillSafe offers a generous free tier that includes full security scanning, up to 50 skill saves per day, up to 5 shared skills, and 50 MB of storage. Pro and Enterprise plans are available for teams and organizations that need more storage, shared skills, and advanced features.

Which AI tools does SkillSafe work with?

SkillSafe works with all major AI agents including Claude Code, Cursor, Windsurf, GitHub Copilot, Codex CLI, Gemini CLI, OpenCode, Cline, Roo Code, Kilo Code, Goose, Aider, AMP, Kiro, Trae, and more. The CLI supports installing skills to any tool's skill directory.

What does the security scanner detect?

The SkillSafe scanner uses AST-based and regex-based static analysis to detect dangerous patterns including shell command execution, file system access, network requests to suspicious endpoints, credential harvesting, data exfiltration, obfuscated code, and prompt injection attempts. Each finding is categorized by severity (critical, high, medium, low, info).

Zero supply-chain incidents. Every shared skill scanned and verified.

Trust infrastructure
for AI agent skills.

Publisher scans before sharing. Consumer re-scans on install. Cryptographic tamper detection between publish and download. Critical findings block the install automatically.

Explore Skills Documentation

Get started — choose either method:

Send to your AI agent

Create skillsafe skill from
https://skillsafe.ai/skill.md

Copy this text and send it to your AI agent.

Download zip

skillsafe.zip

Download and ask AI to install the zip file.

Works with your favorite AI tools

Skills Available: 8,100+
Publishers: 700+
Scan Reports: 13,100+
Threats Caught: 3,600+
Demos: 2,600+
Comments: 2,200+

Top Skills

View all

✓ Safe

postgresql-table-design @wshobson/ PostgreSQL table design and optimization

113,110

✓ Safe

debugging-strategies @wshobson/ Master systematic debugging techniques, profiling tools, and root cause analysis to efficiently track down bugs across any codebase or technology stack. Use when investigating bugs, performance issues, or unexpected behavior.

142,365

✓ Safe

nuxt @antfu/ Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.

35,116

baoyu-danger-gemini-web @jimliu/ Generates images and text via reverse-engineered Gemini Web API. Supports text generation, image generation from prompts, reference images for vision input, and multi-turn conversations. Use when other skills need image generation backend, or when user requests "generate image with Gemini", "Gemini text generation", or needs vision-capable AI generation.

42,121

✓ Safe

free-tool-strategy @coreyhaines31/ When the user wants to plan, evaluate, or build a free tool for marketing purposes — lead generation, SEO value, or brand awareness. Also use when the user mentions "engineering as marketing," "free tool," "marketing tool," "calculator," "generator," "interactive tool," "lead gen tool," "build a tool for leads," or "free resource." This skill bridges engineering and marketing — useful for founders and technical marketers.

54,914

✓ Safe

architecture-patterns @wshobson/ Implement proven backend architecture patterns including Clean Architecture, Hexagonal Architecture, and Domain-Driven Design. Use when architecting complex backend systems or refactoring existing applications for better maintainability.

78,661

✓ Safe

create-auth-skill @better-auth/ Create authentication skills with Better Auth

15,395

✓ Safe

e2e-testing-patterns @wshobson/ Master end-to-end testing with Playwright and Cypress to build reliable test suites that catch bugs, improve confidence, and enable fast deployment. Use when implementing E2E tests, debugging flaky tests, or establishing testing standards.

112,051

✓ Safe

database-migration @wshobson/ Execute database migrations across ORMs and platforms with zero-downtime strategies, data transformation, and rollback procedures. Use when migrating databases, changing schemas, performing data transformations, or implementing zero-downtime deployment strategies.

142,298

1,184+ malicious skills were confirmed in the ClawHavoc campaign.

In early 2026, security researchers confirmed 1,184+ malicious AI skills across 12 compromised publisher accounts, distributing Atomic Stealer malware, stealing credentials, and exfiltrating data via ClickFix social engineering. SkillSafe was built so this cannot happen here — every skill is scanned before sharing and independently re-verified on install, with cryptographic tamper detection between publish and download.

Labeling vs. Gating.

Scanning a skill at install time tells you it was clean when you downloaded it. It doesn't tell you it's the same file the publisher uploaded — or that critical findings will actually stop the install.

No scanning

Anyone publishes without security review
No verification at any point
Community flags damage after it happens
No integrity check on downloaded archives

Scan-and-label

e.g. skills.sh (Snyk + Socket + Gen)

Scanned at install — not before publishing
Critical findings shown as warnings, install still proceeds
No publisher-side scan before the skill is shared
No tamper detection between publish and download

SkillSafe: scan-and-gate

Publisher scans before sharing — not after
Consumer independently re-scans on install
Critical verdicts block the install automatically
Cryptographic tree hash detects any tampering in transit

Key Features

Dual-Side Verification

Sharers scan before sharing. Consumers re-scan after download. The server compares both reports — tampered skills are flagged immediately.

Cryptographic Tree Hashes

Every archive is SHA-256 hashed into an immutable tree hash. If a single byte changes, verification fails with a critical verdict.

Semantic Versioning

Strict semver enforcement and version yanking. Install exactly the version you need, every time.

Share Links

Share skills via revocable links with expiration controls. Private by default — share when you're ready, revoke anytime.

Built for AI Tools

Works with Claude Code, Cursor, Windsurf, Codex, Gemini, OpenCode, OpenClaw, Cline, Roo, Goose, GitHub Copilot, Kiro, Trae, AMP, Aider, VS Code, Antigravity, Droid, and Kilo Code. One registry across all your AI agents — no vendor lock-in, no separate extensions needed.

Free to Use

Save up to 50 private skills per day for free. Share with cryptographic verification at no cost. Upgrade only when you need more storage or team features.

How It Works

Publisher Scans

The publisher runs a full security scan before sharing. Every file is analyzed for malicious patterns and vulnerabilities, producing a detailed report and cryptographic tree hash.

Registry Stores

The scan report is stored alongside an immutable SHA-256 tree hash. Any byte change between save and install breaks the hash — tamper-proof by design.

Consumer Verifies

On download, the consumer independently re-scans and the server compares both reports. Only matching scans receive a verified verdict.

Quick Start

Install

Send this to your AI agent:

Create skillsafe skill from
https://skillsafe.ai/skill.md

Your AI tool reads the skill definition, downloads the client, and sets up SkillSafe automatically.

Sign In & Save

skillsafe auth
skillsafe save ./my-skill --version 1.0.0

Opens your browser to sign in. Your skill is saved privately — no scan or email verification required.

Optional — requires email verification + scan

skillsafe share @myname/my-skill --version 1.0.0

Sharing creates a cryptographically verified link others can install. Shared skills are scanned before sharing and re-verified on install.

Install & Verify

skillsafe install @skillsafe/code-review

Downloads, independently re-scans, and verifies the report against the publisher's. Blocks installation on critical verdicts and warns on divergent results.

Latest from the Blog

View all posts

Best Practices Apr 15, 2026 12 min read

Secure your skills in 30 seconds.

Send "Create skillsafe skill from https://skillsafe.ai/skill.md" to your AI agent. SkillSafe handles scanning, verification, and installation automatically.

Explore Skills Documentation

Trust infrastructure
for AI agent skills.

Top Skills

1,184+ malicious skills were confirmed in the ClawHavoc campaign.

Labeling vs. Gating.

No scanning

Scan-and-label

SkillSafe: scan-and-gate

Key Features

Dual-Side Verification

Cryptographic Tree Hashes

Semantic Versioning

Share Links

Built for AI Tools

Free to Use

How It Works

Publisher Scans

Registry Stores

Consumer Verifies

Quick Start

Install

Sign In & Save

Install & Verify

Latest from the Blog

Best AI/ML Development Skills and Tools [2026]

Best AI Skills for DevOps and CI/CD [2026]

Best AI CSS and Design Skills [2026]

Secure your skills in 30 seconds.

Trust infrastructure for AI agent skills.

Top Skills

1,184+ malicious skills were confirmed in the ClawHavoc campaign.

Labeling vs. Gating.

No scanning

Scan-and-label

SkillSafe: scan-and-gate

Key Features

Dual-Side Verification

Cryptographic Tree Hashes

Semantic Versioning

Share Links

Built for AI Tools

Free to Use

How It Works

Publisher Scans

Registry Stores

Consumer Verifies

Quick Start

Install

Sign In & Save

Install & Verify

Latest from the Blog

Best AI/ML Development Skills and Tools [2026]

Best AI Skills for DevOps and CI/CD [2026]

Best AI CSS and Design Skills [2026]

Secure your skills in 30 seconds.

Trust infrastructure
for AI agent skills.