SkillSafe is a secured skill registry for AI agents like Claude Code, Cursor, and Windsurf. It lets you scan, save, share, install, and verify AI skills with security scanning and dual-side cryptographic verification.

How does dual-side verification work?

SkillSafe automatically scans GitHub-hosted skills for security issues using 12 analysis passes. Scan reports include findings, a Bill of Materials, and AI-powered review. Cryptographic tree hashes detect tampering between publish and download.

Yes, SkillSafe offers a generous free tier that includes full security scanning, up to 50 skill saves per day, up to 5 shared skills, and 50 MB of storage. Pro and Enterprise plans are available for teams and organizations that need more storage, shared skills, and advanced features.

Which AI tools does SkillSafe work with?

SkillSafe works with all major AI agents including Claude Code, Cursor, Windsurf, GitHub Copilot, Codex CLI, Gemini CLI, OpenCode, Cline, Roo Code, Kilo Code, Goose, Aider, AMP, Kiro, Trae, and more. The CLI supports installing skills to any tool's skill directory.

What does the security scanner detect?

The SkillSafe scanner uses AST-based and regex-based static analysis to detect dangerous patterns including shell command execution, file system access, network requests to suspicious endpoints, credential harvesting, data exfiltration, obfuscated code, and prompt injection attempts. Each finding is categorized by severity (critical, high, medium, low, info).

Zero supply-chain incidents. Every shared skill scanned and verified.

Your team's skills, verified
and synced to every AI agent.

SkillSafe scans, verifies, and delivers AI agent skills to Claude Code, Cursor, Windsurf, Codex, and every tool your team uses. Scanning is free for everyone — no signup required.

Building with a team? Set up your org Why SkillSafe?

Prefer a desktop app? Get the SkillSafe desktop app for macOS, Windows, and Linux.

Works with your favorite AI tools

Skills Indexed: 24,400+
Scanned: 22,800+
Verified: 15,859
Publishers: 2,300+
Scan Reports: 27,300+
Threats Caught: 84

Top Skills

View all

✓ Safe

postgresql-table-design @wshobson/ PostgreSQL table design and optimization

118,978

✓ Safe

debugging-strategies @wshobson/ Master systematic debugging techniques, profiling tools, and root cause analysis to efficiently track down bugs across any codebase or technology stack. Use when investigating bugs, performance issues, or unexpected behavior.

142,374

✓ Safe

nuxt @antfu/ Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.

39,795

✓ Safe

remotion-best-practices @remotion-dev/ Best practices for creating videos with Remotion

371,068

✓ Safe

next-cache-components @vercel-labs/ Next.js 16 Cache Components - PPR, use cache directive, cacheLife, cacheTag, updateTag

36,210

✓ Safe

web-design-guidelines @antfu/ Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".

16,332

✓ Safe

create-auth-skill @better-auth/ Create authentication skills with Better Auth

25,781

✓ Safe

systematic-debugging @sammcj/ Agentic Coding Rules, Templates etc...

241

✓ Safe

qa-expert @daymade/ Professional Claude Code skills marketplace featuring production-ready skills for enhanced development workflows.

2,414

1,184+ malicious skills were confirmed in the ClawHavoc campaign.

In early 2026, security researchers confirmed 1,184+ malicious AI skills across 12 compromised publisher accounts, distributing Atomic Stealer malware, stealing credentials, and exfiltrating data via ClickFix social engineering. SkillSafe was built so this cannot happen here — every skill is scanned before sharing and independently re-verified on install, with cryptographic tamper detection between publish and download.

Labeling vs. Gating.

Scanning a skill at install time tells you it was clean when you downloaded it. It doesn't tell you it's the same file the publisher uploaded — or that critical findings will actually stop the install.

No scanning

Anyone publishes without security review
No verification at any point
Community flags damage after it happens
No integrity check on downloaded archives

Scan-and-label

open registries that scan at install time

Scanned at install — not before publishing
Critical findings shown as warnings, install still proceeds
No publisher-side scan before the skill is shared
No tamper detection between publish and download

SkillSafe: scan-and-gate

Publisher scans before sharing — not after
Consumer independently re-scans on install
Critical verdicts block the install automatically
Cryptographic tree hash detects any tampering in transit

Full capability comparison →

Key Features

Dual-Side Verification

Skills are scanned automatically when viewed. AI review classifies findings and flags false positives. Tampered skills are detected via cryptographic tree hashes.

Cryptographic Tree Hashes

Every archive is SHA-256 hashed into an immutable tree hash. If a single byte changes, verification fails with a critical verdict.

Semantic Versioning

Strict semver enforcement and version yanking. Install exactly the version you need, every time.

Share Links

Share skills via revocable links with expiration controls. Private by default — share when you're ready, revoke anytime.

Built for AI Tools

Works with Claude Code, Cursor, Windsurf, Codex, Gemini, OpenCode, OpenClaw, Cline, Roo, Goose, GitHub Copilot, Kiro, Trae, AMP, Aider, VS Code, Antigravity, Droid, and Kilo Code. One registry across all your AI agents — no vendor lock-in, no separate extensions needed.

Free to Use

Save up to 50 private skills per day for free. Share with cryptographic verification at no cost. Upgrade only when you need more storage or team features.

How It Works

Auto-Scan

Submit a GitHub URL or visit a skill page. SkillSafe runs 12 security checks automatically — no installation required. Results are cached and updated when files change.

AI Reviews

AI classifies each finding — separating real threats from false positives. Assigns a security score and produces a recommendation with reasoning for every finding.

Integrity Verified

Cryptographic tree hashes (SHA-256) ensure files haven't been tampered with. Every version is immutable — any change produces a different hash.

Latest from the Blog

View all posts

Security Jun 11, 2026 10 min read

OpenClaw Shows Why Agents Need a Bill of Materials

Renewed discussion of OpenClaw's local-agent takeover risk shows why teams need an Agent Bill of Materials for skills, plugins, MCP servers, and connectors.

Security Jun 10, 2026 8 min read

Cisco Cloud Control Makes Agent Tool Governance Mainstream

Cisco's Cloud Control launch puts AI agents, MCP connectors, and third-party tool marketplaces inside critical infrastructure operations.

Security Jun 9, 2026 9 min read

Vercel's Skills API Turns Agent Skills Into Infrastructure

Vercel opened the skills.sh API for programmatic access to 600,000+ agent skills. That is useful, but it makes skill verification a platform concern.

Manage your team's skills in one place.

Organization workspaces are available today: a private shared registry, team roles and invites, domain verification, and security scanning on everything your developers install. Enterprise plans add shared storage, higher limits, and priority support.

Create an organization Talk to enterprise sales

See pricing for plan details.

Secure your skills in 30 seconds.

Download the SkillSafe desktop app or run npx skills add to install your first verified skill in seconds — every skill is security-scanned and cryptographically verified.

Explore Skills Documentation

Your team's skills, verified and synced to every AI agent.

Top Skills

1,184+ malicious skills were confirmed in the ClawHavoc campaign.

Labeling vs. Gating.

No scanning

Scan-and-label

SkillSafe: scan-and-gate

Key Features

Dual-Side Verification

Cryptographic Tree Hashes

Semantic Versioning

Share Links

Built for AI Tools

Free to Use

How It Works

Auto-Scan

AI Reviews

Integrity Verified

Latest from the Blog

OpenClaw Shows Why Agents Need a Bill of Materials

Cisco Cloud Control Makes Agent Tool Governance Mainstream

Vercel's Skills API Turns Agent Skills Into Infrastructure

Manage your team's skills in one place.

Secure your skills in 30 seconds.

Your team's skills, verified
and synced to every AI agent.