Vet your agent's skills
Extend your coding agent with good skills, and scan the rest.
Skills and tools are npm install for agents, except they run with your agent's permissions and almost no vetting. A 2026 study of 42,447 skills found that 26.1% had a vulnerability and 5.2% showed likely malicious intent, with script-bearing skills 2.12x more dangerous. The move is not to stop using skills; it is to extend from sources you can vet and to scan everything else. Each recipe verifies its guardrail (the CI gate, the SKILL.md inventory, the preflight manifest) against a fixture; the real scan and install are fenced.
Start here
SkillSpector: fail your CI build on a risky agent skill
Scan every skill you did not write with SkillSpector and gate CI on the result, so a malicious or vulnerable SKILL.md fails the build instead of running with your agent's permissions at runtime.
Vet a SKILL.md before you install it
Treat an agent skill like the untrusted dependency it is. Before you ever let your agent run it, parse its SKILL.md, confirm the frontmatter is well-formed, and surface every executable script it bundles, since the research flagged script-bearing skills as the most dangerous.
Agent-Reach: throwaway account, least privilege, scan before install
Before letting Agent-Reach install system dependencies and register a skill that logs into platforms with your cookies, encode the safe defaults as a preflight manifest: a throwaway account never your main, cookie-auth risk acknowledged per platform, and a mandatory scan before install.
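A worked version of the "vet a SKILL.md before you install it" step, added here as an example and not code from the page or from any of the projects it lists. It parses the SKILL.md frontmatter without a YAML library, requires the name and description keys (an assumption about the Agent Skills frontmatter format), and inventories every bundled file that looks executable by extension, mode bit or shebang. The fixture skill it writes to a temp directory is constructed for the demo; point vet_skill at a real skill directory to use it.

```python
"""Vet a SKILL.md before installing it: check frontmatter, inventory bundled scripts."""
from __future__ import annotations

import os
import re
import stat
import tempfile
from dataclasses import dataclass, field

# Assumption: the Agent Skills frontmatter requires these two keys.
REQUIRED_KEYS = ("name", "description")
# Files treated as executable payloads by extension alone.
SCRIPT_EXTS = {".sh", ".bash", ".py", ".js", ".ts", ".ps1", ".rb"}


@dataclass
class SkillReport:
    frontmatter: dict[str, str] = field(default_factory=dict)
    scripts: list[str] = field(default_factory=list)
    problems: list[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def parse_frontmatter(text: str) -> tuple[dict[str, str], list[str]]:
    """Parse the flat `key: value` block between the leading '---' fences.

    No YAML library on purpose: nested, indented or multi-line values are
    reported as problems, because a frontmatter that needs a full YAML parser
    deserves a human look before install.
    """
    problems: list[str] = []
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}, ["missing frontmatter: file does not start with '---'"]
    end = next((i for i, ln in enumerate(lines) if i > 0 and ln.strip() == "---"), None)
    if end is None:
        return {}, ["unterminated frontmatter: no closing '---'"]
    fm: dict[str, str] = {}
    for raw in lines[1:end]:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = re.fullmatch(r"([A-Za-z][\w-]*):\s*(.*)", raw)
        if m is None:  # indented (nested) lines fail the anchored match too
            problems.append(f"unparseable frontmatter line: {raw!r}")
            continue
        fm[m.group(1)] = m.group(2).strip().strip("'\"")
    for key in REQUIRED_KEYS:
        if not fm.get(key):
            problems.append(f"frontmatter missing required key: {key}")
    return fm, problems


def inventory_scripts(skill_dir: str) -> list[str]:
    """List every file under skill_dir that is executable by extension, mode bit or shebang."""
    found: list[str] = []
    for root, _dirs, files in os.walk(skill_dir):
        for name in files:
            path = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lower()
            exec_bit = bool(os.stat(path).st_mode & stat.S_IXUSR)
            with open(path, "rb") as fh:
                shebang = fh.read(2) == b"#!"
            if ext in SCRIPT_EXTS or exec_bit or shebang:
                found.append(os.path.relpath(path, skill_dir))
    return sorted(found)


def vet_skill(skill_dir: str) -> SkillReport:
    """Run both checks; report.ok is False whenever anything needs a human review."""
    report = SkillReport()
    path = os.path.join(skill_dir, "SKILL.md")
    if not os.path.isfile(path):
        report.problems.append("no SKILL.md in skill directory")
        return report
    with open(path, encoding="utf-8") as fh:
        report.frontmatter, report.problems = parse_frontmatter(fh.read())
    report.scripts = inventory_scripts(skill_dir)
    return report


def build_fixture(complete: bool = True) -> str:
    """Write a constructed sample skill (not a real published one) to a temp dir."""
    d = tempfile.mkdtemp(prefix="skill-fixture-")
    os.makedirs(os.path.join(d, "scripts"))
    fm = "---\nname: log-summariser\n"
    if complete:
        fm += "description: Summarise a log file for the agent\n"
    fm += "---\n"
    with open(os.path.join(d, "SKILL.md"), "w", encoding="utf-8") as fh:
        fh.write(fm + "# Log summariser\n\nRun `scripts/summarise.sh` on the log.\n")
    with open(os.path.join(d, "scripts", "summarise.sh"), "w", encoding="utf-8") as fh:
        fh.write("#!/bin/sh\nwc -l \"$1\"\n")
    return d


if __name__ == "__main__":
    for complete in (True, False):
        r = vet_skill(build_fixture(complete))
        print("OK" if r.ok else "NEEDS REVIEW", r.frontmatter.get("name"))
        print("  scripts bundled:", r.scripts or "none")
        for p in r.problems:
            print("  problem:", p)
```

The script inventory is deliberately over-inclusive: a file with no script extension but an executable bit or a shebang is still listed, because that is exactly the payload a quick glance at a skills directory misses. The report never decides for you; it puts the bundled scripts in front of you so the install decision is made with them in view.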
The tools (3)
NVIDIA's security scanner for agent skills, tools, and MCP servers. Point it at a directory, file, repo URL, or zip and it checks 65 vulnerability patterns across 16 categories (prompt injection, data exfiltration, supply chain, excessive agency, MCP tool poisoning, and more) with fast static analysis plus an optional LLM pass. Emits a 0-100 risk score with LOW/MEDIUM/HIGH/CRITICAL severity and SARIF 2.1.0 for CI. Built on the Liu et al. 2026 study that scanned 42,447 skills (26.1% had a vulnerability, 5.2% likely malicious). Static analysis lowers risk; it does not certify safety.
Addy Osmani's curated set of 24 production-grade engineering skills for coding agents (Claude Code, Cursor, Gemini CLI), each a readable SKILL.md encoding a senior-engineer workflow across the dev lifecycle. The value is provenance: a small, inspectable baseline written by a credible source, the model for what a good, vettable skill looks like, not an exhaustive marketplace.
A single CLI that gives a coding agent eyes on the internet: it installs open upstream tools (yt-dlp, gh CLI, cookie-auth scrapers for Twitter/Reddit/YouTube/GitHub) and registers a SKILL.md so the agent knows when to use each. No paid API keys, which is the appeal. The catch the project is upfront about: several platforms work via your logged-in cookies, which are full credentials kept locally and carry a real account-ban risk, so use a throwaway account, never your main. Because it installs system dependencies and registers a skill, it is exactly the kind of thing to scan before running.
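A CI gate for the SARIF side of the first recipe, added here as an example and not the scanner's own tooling. It reads any SARIF 2.1.0 report, resolves each result's level (falling back to the rule's defaultConfiguration when a result omits it, as the SARIF spec allows), and returns a non-zero exit code once any finding reaches the chosen threshold. The tool name, rule ids and findings in the embedded sample report are constructed for the demo; how SkillSpector maps its LOW/MEDIUM/HIGH/CRITICAL severities onto SARIF levels is an assumption you should confirm against a real report before picking the threshold.

```python
"""Gate a CI job on a SARIF 2.1.0 report: non-zero exit once any finding reaches the threshold."""
from __future__ import annotations

import json
import sys

# SARIF result levels in ascending severity.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample report: the shape follows SARIF 2.1.0, but the tool name,
# rule ids and findings are made up for this demo, not real scanner output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-skill-scanner",
            "rules": [
                {"id": "data-exfiltration", "defaultConfiguration": {"level": "error"}},
                {"id": "excessive-agency", "defaultConfiguration": {"level": "warning"}},
                {"id": "style", "defaultConfiguration": {"level": "note"}},
            ],
        }},
        "results": [
            {"ruleId": "data-exfiltration", "level": "error",
             "message": {"text": "script posts environment variables to an external host"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/setup.sh"}}}]},
            {"ruleId": "excessive-agency",  # no level: falls back to the rule default
             "message": {"text": "skill asks for unrestricted shell access"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "SKILL.md"}}}]},
            {"ruleId": "style", "level": "note", "message": {"text": "description over 200 chars"}},
        ],
    }],
}


def iter_findings(sarif: dict):
    """Yield (tool, rule, level, message, uri) for every result in every run."""
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        tool = driver.get("name", "unknown-tool")
        defaults = {r.get("id"): r.get("defaultConfiguration", {}).get("level", "warning")
                    for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = res.get("ruleId", "unknown-rule")
            level = res.get("level") or defaults.get(rule, "warning")
            if level not in LEVEL_RANK:  # unknown level: treat as warning rather than drop it
                level = "warning"
            uri = ""
            for loc in res.get("locations", []):
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "")
                if uri:
                    break
            yield tool, rule, level, res.get("message", {}).get("text", ""), uri


def gate(sarif: dict, fail_on: str = "warning") -> tuple[int, dict[str, int], list[str]]:
    """Return (exit_code, counts_by_level, blocking_lines); exit 1 if any finding >= fail_on."""
    threshold = LEVEL_RANK[fail_on]
    counts = {lvl: 0 for lvl in LEVEL_RANK}
    blocking: list[str] = []
    for tool, rule, level, msg, uri in iter_findings(sarif):
        counts[level] += 1
        if LEVEL_RANK[level] >= threshold:
            blocking.append(f"[{level}] {tool}:{rule} {uri or '<no location>'}: {msg}")
    return (1 if blocking else 0), counts, blocking


def main(argv: list[str]) -> int:
    """Usage: sarif_gate.py [report.sarif] [none|note|warning|error]; no file = built-in sample."""
    fail_on = argv[2] if len(argv) > 2 else "warning"
    if fail_on not in LEVEL_RANK:
        print(f"unknown threshold {fail_on!r}; use one of {', '.join(LEVEL_RANK)}")
        return 2
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_SARIF
    code, counts, blocking = gate(report, fail_on)
    print("findings by level:", counts)
    for line in blocking:
        print(line)
    print("GATE FAILED" if code else "gate passed", f"(fail_on={fail_on})")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as python sarif_gate.py report.sarif warning after the scan step in the pipeline; the exit code is what fails the job. Two choices are deliberate: a result with an unrecognised level counts as a warning rather than being silently skipped, and the threshold defaults to warning so that a MEDIUM-class finding blocks the build until someone looks at it.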
Every recipe here ships with a CI badge that re-checks its extraction logic on each push. If a setup you bookmark stops working, the badge goes red before you do.
WebAfterAI
AI agents, automation, and the next internet.
Three issues a week, Tuesday, Thursday, and Saturday, on what builders are actually shipping. From the r/WebAfterAI community.