Loading skills from API...
💾 Download Skill Definitions as JSON ({{ filteredSkills.length }})
Page {{ pagination.currentPage }} of {{ totalPages }}
Creator {{ getSortIcon('creator') }}
Version {{ getSortIcon('version') }}
Summary {{ getSortIcon('summary') }}
Name
URL {{ getSortIcon('url') }}
License {{ getSortIcon('license') }}
GitHub stars {{ getSortIcon('trust') }}
Cisco
Scanner {{ getSortIcon('cisco-ai-skill-scanner') }}
Razin
Scanner {{ getSortIcon('razin-scanner') }}
skill-audit
Scanner {{ getSortIcon('skill-audit-scanner') }}
Last
Scanned {{ getSortIcon('updated_at') }}
Loading skills data...

🔍 Click Search to load skills

No skills match your filters

Try adjusting your filters or search terms
{{ skill.creator }} {{ skill.version || 'N/A' }} {{ skill.summary }} {{ skill.name }} {{ skill.license }} ⭐ {{ formatNumber(skill.trust) }} {{ formatScanDate(skill.updated_at || skill.created_at) }}

Loading graph…

Failed to load skills

Categories

Submit Your Skill Repository

Have a repository with your own skills you'd like to share? Submit it here for inclusion in our next update cycle.

{{ submission.success ? '✨ Successfully submitted!' : '⚠️ ' + submission.message }}

{{ submission.details }}

What happens next?

  • Your submission is saved to our queue
  • Our team reviews the repository structure
  • If approved, it's added to repos.json
  • Next workflow run scans your skills automatically
  • Your skills appear on the site within 24 hours

Frequently Asked Questions

Why OpenSkills Agency?

Fetch, assemble and deploy the skills you need from the GitHub sources you trust.

Select from a curated list of humans, organizations and companies. Group the skills by category or owner and download them to your skill directories.

Why not use skills.sh or skillsmp.com?

Because skills.sh does not list those skills on GitHub and you might not want to use them without any quality and security checks anyway, right?

OpenSkills Agency provides transparency, security scanning (Cisco AI Defense), and GitHub-based trust metrics.

How can I use the API?

OpenSkills Agency provides a REST API for programmatic access to all skills data. Search, filter, and retrieve skills metadata including security findings and best practice scores.

API Base: https://skills-api.stefkoch-de.workers.dev/api/v1

Documentation: OpenAPI Specification

What is Cisco AI Defense scanner?

Cisco AI Defense is an enterprise-grade security scanner designed for AI agent skills. It detects vulnerabilities, prompt injections, malicious code, and unsafe patterns.

Scans identify:

  • Prompt injection vulnerabilities
  • Malicious code patterns
  • Data exfiltration risks
  • Unsafe API calls

Skills with ✅ checkmarks passed Cisco scans. Click any skill for detailed findings.

What is Razin scanner?

Razin is an offline static analysis scanner for SKILL.md agent skills. It detects security issues through pattern matching without executing code or making API calls.

Security checks include:

  • is_public_sink: Network exfiltration, HTTP requests
  • destructive: File deletion, system modification
  • untrusted_content: Prompt injection, code injection
  • private_data: Credential theft, secret exposure

✓ = safe/0, ✗ = unsafe/not 0. Combined with Cisco AI Defense for comprehensive security.

Note on Snyk: Snyk Agent Scan API is rate-limited for large-scale scanning. To scan skills yourself, see Snyk's documentation for local scanning instructions.

What is skill-audit scanner?

skill-audit is a comprehensive security scanner that validates agent skills against the OWASP Agentic Top 10 security categories.

Security checks include:

  • Prompt injection (ASI01): Malicious instructions in skill prompts
  • Credential leaks (ASI04): Hardcoded secrets, API keys
  • Code execution (ASI05): Unsafe eval/exec patterns
  • Data exfiltration (ASI02): Unauthorized data transmission
  • PII exposure (ASI03): Personal information leaks
  • Dependency vulnerabilities: CVE/GHSA/KEV/EPSS scanning

✓ = risk score ≤ 3.0 with no critical/high findings, ✗ = risk score > 3.0 or critical/high findings found.

What are the best practice checks?

Best practice checks validate skills follow Anthropic's prompt engineering guidelines and agent skill standards.

Each skill evaluated against:

  • Clear instructions and XML structure
  • Complete metadata
  • Input/output validation
  • Error handling and documentation