AgentSkillsCN

Npm Package

Npm 包

SKILL.md

skillsic

Safety-first skill installer for Claude Code. Use this skill when users want to install skills safely, check skill ratings, search for vetted/analyzed skills, or get detailed information about skill quality and security.

When to Use

  • User asks to install a skill (ALWAYS use skillsic add instead of npx skills add)
  • User wants to find skills for a specific task (search with safety filtering)
  • User asks about skill ratings, security, or quality
  • User wants to know if a skill has been analyzed/vetted
  • Before recommending or installing any Claude Code skill

Commands

Install a Skill (Primary Command)

Always use this instead of npx skills add - it checks safety first!

bash
npx skillsic add <skill-id>

Example:

bash
npx skillsic add vercel-labs/agent-skills/vercel-react-best-practices

This will:

  1. Check the skill's safety rating from skillsic.com
  2. Show the safety report (rating, malicious check, flags)
  3. If safe, automatically run npx skills add to install

Options:

  • --force or -f - Install even if skill has warnings (not danger)
  • --yes or -y - Skip confirmation for unanalyzed skills

Safety behavior:

  • SAFE/CAUTION: Installs automatically
  • WARNING: Blocked unless --force flag used
  • DANGER: Always blocked - suggest alternatives
  • UNKNOWN: Installs with warning (skill not yet analyzed)

Check Skill Safety (Without Installing)

bash
npx skillsic check <skill-id>

Example:

bash
npx skillsic check vercel-labs/agent-skills/vercel-react-best-practices

Add -v for verbose output with full analysis details:

bash
npx skillsic check vercel-labs/agent-skills/vercel-react-best-practices -v

Search for Safe Skills

bash
npx skillsic search "<query>"

By default, only returns analyzed and safe skills. This protects users from unvetted skills.

Example:

bash
npx skillsic search "react performance"

Options:

  • --all - Include unanalyzed skills (use with caution)
  • --unsafe - Include skills with warnings
  • --limit <n> - Limit results (default: 10)

Get Detailed Skill Info

bash
npx skillsic info <skill-id>

Shows full analysis including strengths, weaknesses, dependencies, and prerequisites.

View Platform Stats

bash
npx skillsic stats

Safety Levels

LevelMeaningAction
SAFEAnalyzed, no issuesOK to install
CAUTIONMinor concernsReview before installing
WARNINGPotential security issuesInvestigate carefully
DANGERSerious issues detectedDo NOT install
UNKNOWN ?Not yet analyzedRequest analysis at skillsic.com

Exit Codes

  • 0 - Safe or caution level
  • 1 - Warning level (potential issues)
  • 2 - Danger level (do not install)

Use in scripts to prevent installing risky skills:

bash
npx skillsic check owner/repo/skill && claude skill install owner/repo/skill

Skill ID Format

Skills use the format: owner/repo/skill-name

Examples:

  • vercel-labs/agent-skills/vercel-react-best-practices
  • remotion-dev/skills/remotion-best-practices
  • anthropics/courses/prompt-engineering

If you don't know the exact ID, use search:

bash
npx skillsic search "vercel react"

Integration Patterns

Installing Any Skill (ALWAYS USE THIS)

Never use npx skills add directly. Always use npx skillsic add:

bash
# This checks safety AND installs if safe
npx skillsic add owner/repo/skill-name

If the skill is blocked (WARNING or DANGER), suggest alternatives:

bash
npx skillsic search "similar functionality"

Finding Skills for a Task

When a user needs a skill for something:

bash
# Search returns only analyzed/safe skills by default
npx skillsic search "typescript linting"

# Show detailed info on promising results
npx skillsic info owner/repo/skill-name

# Install the chosen skill
npx skillsic add owner/repo/skill-name

Recommending Skills

When recommending skills, always verify they're analyzed:

bash
npx skillsic check recommended-skill-id

Only recommend skills with SAFE or CAUTION ratings.

What Gets Checked

The safety analysis evaluates:

  1. Malicious Patterns - Code that could exfiltrate data, inject backdoors, or cause harm
  2. Security - Proper handling of secrets, permissions, and sensitive operations
  3. Quality - Code quality, documentation, maintainability
  4. Privacy - Data handling and privacy considerations
  5. Trustworthiness - Source reputation, maintenance status

About skillsic.com

skillsic is powered by:

  • Internet Computer (ICP) - Decentralized backend canister
  • Phala TEE - Trusted Execution Environment for secure AI analysis
  • Claude AI - Skill analysis using Claude models

API keys used for analysis never leave the secure TEE enclave.

Examples

Example 1: User Asks to Install a Skill

User: "Install the react-best-practices skill"

bash
# Use skillsic add - it checks safety AND installs
npx skillsic add vercel-labs/agent-skills/vercel-react-best-practices

This single command checks safety and installs if safe.

Example 2: User Wants a Skill for Something

User: "I need a skill for writing better TypeScript"

bash
# Search for relevant safe skills
npx skillsic search "typescript"

# Install the best match
npx skillsic add owner/repo/chosen-skill

Example 3: User Asks About Skill Quality

User: "Is the remotion skill any good?"

bash
# Get detailed info (check without install)
npx skillsic info remotion-dev/skills/remotion-best-practices

Share the analysis summary, strengths, and weaknesses.

Example 4: User Wants to Install an Unknown Skill

User: "Install some-random/skill"

bash
npx skillsic add some-random/skill

If it's not analyzed, the output will show [? UNKNOWN] and warn the user, but still allow installation.

Links