Safety Report

agentskills-io

Name: agentskills-io
Rating: 5 (2 reviews)
Author: killerapp

Create, validate, and publish Agent Skills following the official open standard from agentskills.io. Use when (1) creating new skills for AI agents, (2) validating skill structure and metadata, (3) understanding the Agent Skills specification, (4) converting existing documentation into portable skills, or (5) ensuring cross-platform compatibility with Claude Code, Cursor, GitHub Copilot, and other tools.

1,819Downloads

6Installs

2Stars

1Versions

Image Processing1,559 PDF & Documents1,388 Documentation1,163 Networking & DNS1,102

Security Analysis

high confidence

Clean0.08 risk

The skill's requirements, files, and runtime instructions match its stated purpose of authoring/validating Agent Skills; nothing appears to request unrelated credentials or hidden installs, but you should inspect the included shell scripts before running them.

Feb 10, 20268 files2 concerns

Purpose & Capabilityok

Name/description align with the files and instructions: the SKILL.md teaches how to author and validate skills and references a validator repo. The two provided scripts (validate & bump) are reasonable for a skills repo toolset. No unrelated credentials, binaries, or config paths are requested.

Instruction Scopenote

Instructions direct use of the agentskills validator (via uv/uvx) and the included shell scripts (validate-skills-repo.sh, bump-changed-plugins.sh). Those actions are consistent with the stated purpose, but the instructions do tell the user/agent to run shell scripts and to create symlinks (ln -s). Running the scripts could modify files or perform git operations — the SKILL.md does not show their contents, so inspect them before execution.

Install Mechanismok

No install spec is bundled with the skill; SKILL.md suggests installing the validator from its GitHub repo using uv or uvx (git+https URL). This is a standard, traceable approach and not an arbitrary binary download or obscure URL.

Credentialsok

The skill declares no required environment variables, no primary credential, and no config paths. That is proportional for a documentation/validation tool. The SKILL.md does not ask for unrelated secrets.

Persistence & Privilegenote

The skill does not set always:true and has no explicit install that grants persistent privileges. Model invocation flags are left at defaults (disable-model-invocation not set), so the skill could be invoked by the agent if platform policy allows — this is typical for utility skills but worth knowing.

Guidance

This skill appears to do what it says: authoring/validating Agent Skills. Before you run anything: (1) review the two shell scripts (scripts/validate-skills-repo.sh and scripts/bump-changed-plugins.sh) to confirm they only validate or update local metadata (and do not, for example, push commits or exfiltrate data), (2) verify the referenced validator repository (https://github.com/agentskills/agentskills) is the expected upstream, and (3) run validation steps in a sandbox or non-critical clone of your repo. If you are uncomfortable with model-initiated runs, check your platform's skill invocation settings because disable-model-invocation is not set by this skill.

Latest Release

v2.5.0

From Foundry: Create, validate, and publish Agent Skills following the official open standard

More by @killerapp

copywriter

6 stars

skill-condenser

2 stars

aws-agentcore-langgraph

2 stars

Chain of Density

0 stars

adversarial-coach

0 stars

para-pkm

0 stars

Published by @killerapp on ClawHub