Every AI agent skill goes through a 3-layer security pipeline (static analysis, dependency audit, and human review) before being published. A safe alternative to unvetted registries like ClawHub.
Every skill passes three independent checks before its trust score and tier are computed: a deep security scan by Tank, supply-chain verification against the agentskills.io spec + GitHub Security signals, and a manual review by the skills-il team. Each check is detailed below.
Every skill tarball is run through Tank's 6-stage security pipeline, from quarantined ingestion to full dependency audit:

1. Downloads and isolates the skill tarball in a sandboxed environment
2. Validates package structure, file types, and manifest integrity
3. Scans source code using Bandit and Semgrep for vulnerabilities and unsafe patterns
4. Detects prompt injection attacks, role hijacking, and manipulation patterns
5. Identifies exposed credentials, API keys, and sensitive data using detect-secrets
6. Audits all dependencies for known CVEs via the OSV database

Powered by Tank Security Scanner
Every skill in the directory is checked against the open agentskills.io specification plus GitHub Security signals. Results appear on each skill's page as a Security Scorecard and Version & Provenance block. MCP servers have a separate trust pipeline and are not covered by GitHub Verification.
Five critical, must-pass signals: spec compliance, secret scanning, code scanning, signed release, and a declared license. When all five pass, the skill earns a green Verified badge.
Eight additional signals that reflect repo hygiene: tag protection, branch protection, signed commits, SECURITY.md, MFA, CODEOWNERS, Dependabot, and matching semver.
Two polish signals: recent release (<180 days) and release tree matching the default branch HEAD.
A skill earns the Verified badge only when all five Critical signals pass. That means a Sigstore attestation signed by a GitHub Actions workflow in the skills-il organization, with secret scanning + code scanning enabled and an SPDX license declared.
Release and version signals refresh on every push. Repo-settings signals (secret scanning, code scanning, MFA, branch protection) refresh weekly via a GitHub Actions workflow. Spec compliance is verified by running `gh skill publish --dry-run` against the agentskills.io specification.
Before a skill goes live, the skills-il team reviews it for spec compliance, content quality, and any obvious red flags. This is not a deep security audit — Tank and GitHub verification do the automated heavy lifting — but it's a final human gate on what ships to the catalog.
The trust score is calculated based on five criteria, and the resulting score maps to a tier:
| Tier | Range | Description |
|---|---|---|
| Verified | 90 - 100 | Passed all security checks and full human review |
| Trusted | 70 - 89 | Passed automated scans and partial review |
| Community | 50 - 69 | Passed basic automated scans, awaiting extended review |
| Partially Verified | 0 - 49 | Passed basic review but has limited community activity and usage data |
See how Skills IL's security approach compares to other skill repositories:
| Feature | Skills IL | Others |
|---|---|---|
| Static code analysis | Yes | Limited |
| Dependency vulnerability scanning | Yes | Partial |
| Human security review | Yes | No |
| Trust scoring system | Yes | No |
| Hebrew-first content review | Yes | No |
| 6-stage deep security pipeline | Yes | No |
Found a security vulnerability? Report it to us responsibly.