Every skill is scanned before you install it
The agent skills ecosystem has a real security problem. Malicious SKILL.md files can steal API keys, exfiltrate environment variables, and execute arbitrary code — silently. SkillSpot is the only free marketplace that automatically scans every community skill before it goes live.
Our Security Promise
Automated scanning on every submission
Every community skill PR triggers an automated scan via skill-issue — a static analysis tool with 50+ built-in security rules. No human bottleneck for clean skills.
OWASP Agentic Skills Top 10 review
Complex or first-time-submitter skills get a manual review against the OWASP AST10 checklist — the industry standard for agentic skill security.
Full transparency
Every skill shows its scan status and date. Skills that fail scanning are blocked and logged in our public rejected log. We publish what we find.
What We Scan For
Based on the OWASP Agentic Skills Top 10 framework. Each submitted skill is checked against all of these categories.
Instructions that attempt to override your agent's behavior, system prompt, or stated purpose.
Hardcoded API keys, tokens, or passwords — and instructions to read or transmit credentials from your environment.
Invisible Unicode characters, base64-encoded payloads, or other obfuscation used to hide malicious instructions.
Instructions to send data to external endpoints, webhook listeners, or known data-capture services.
Unsafe eval(), exec(), or shell injection patterns that could execute arbitrary code on your machine.
Misleading descriptions that don't match actual behavior, or pressure tactics to bypass security warnings.
Common Questions
Does passing the scan guarantee a skill is safe?
No. Automated scanning catches known patterns but can't detect every possible threat. Always review the source code of community skills before installing, and use your own judgment. The scan badge means we checked — not that it's perfect.
What is the SkillJect vulnerability?
SkillJect is a class of attack targeting SKILL.md files used by Claude Code, Codex CLI, and Gemini CLI. Malicious skills embed hidden instructions that trigger unauthorized scripts — stealing API keys, exfiltrating environment variables, or installing malware. All our scans are specifically designed to detect SkillJect patterns.
What does "Publisher Verified" mean?
Publisher Verified skills are published directly by platform partners (Anthropic, Vercel, Cloudflare, Sentry, Expo). These are official skills from the companies that build the tools they integrate with. They bypass automated scanning and carry the full trust of their publisher.
How do I get my skill publisher-verified?
Publisher verification is for official platform partners. If you work at a company that wants to officially distribute skills through SkillSpot, reach out. Community skills submitted by individuals go through the standard automated scan.