skills.sh now offers automated security audits for its skills, partnering with GenSocket and Snyk to scale audits across more than 60,000 skills. Results are publicly displayed on skill detail pages, and malicious skills are hidden from leaderboards and search, with warnings shown before installation. The feature activates with skills@1.4.0, showing audit results and risk levels pre-install.
Key Points
1. Partners with GenSocket and Snyk for independent audits on 60,000+ skills
2. Transparent results published on each skill's detail page
3. Malicious skills auto-hidden from leaderboard and search results with install warnings
4. Risk levels and audits displayed before skill installation in skills@1.4.0
Impact Analysis
Boosts developer trust in the skills.sh ecosystem by providing verifiable security, reducing risks from unvetted third-party skills. Enables safer scaling of skill usage in production apps. Likely accelerates adoption among security-conscious teams.
Technical Details
Audits are automated and independent, rapidly scaling to 60k+ skills via partner integrations. Flagged malicious skills trigger UI protections such as hiding and warnings. Audits are integrated into the install flow at skills@1.4.0 for preemptive risk display.
