skillsic
Safety-first skill installer for Claude Code. Use this skill when users want to install skills safely, check skill ratings, search for vetted/analyzed skills, or get detailed information about skill quality and security.
When to Use
- •User asks to install a skill (ALWAYS use skillsic add instead of npx skills add)
- •User wants to find skills for a specific task (search with safety filtering)
- •User asks about skill ratings, security, or quality
- •User wants to know if a skill has been analyzed/vetted
- •Before recommending or installing any Claude Code skill
Commands
Install a Skill (Primary Command)
Always use this instead of npx skills add - it checks safety first!
npx skillsic add <skill-id>
Example:
npx skillsic add vercel-labs/agent-skills/vercel-react-best-practices
This will:
- •Check the skill's safety rating from skillsic.com
- •Show the safety report (rating, malicious check, flags)
- •If safe, automatically run
npx skills addto install
Options:
- •
--forceor-f- Install even if skill has warnings (not danger) - •
--yesor-y- Skip confirmation for unanalyzed skills
Safety behavior:
- •SAFE/CAUTION: Installs automatically
- •WARNING: Blocked unless
--forceflag used - •DANGER: Always blocked - suggest alternatives
- •UNKNOWN: Installs with warning (skill not yet analyzed)
Check Skill Safety (Without Installing)
npx skillsic check <skill-id>
Example:
npx skillsic check vercel-labs/agent-skills/vercel-react-best-practices
Add -v for verbose output with full analysis details:
npx skillsic check vercel-labs/agent-skills/vercel-react-best-practices -v
Search for Safe Skills
npx skillsic search "<query>"
By default, only returns analyzed and safe skills. This protects users from unvetted skills.
Example:
npx skillsic search "react performance"
Options:
- •
--all- Include unanalyzed skills (use with caution) - •
--unsafe- Include skills with warnings - •
--limit <n>- Limit results (default: 10)
Get Detailed Skill Info
npx skillsic info <skill-id>
Shows full analysis including strengths, weaknesses, dependencies, and prerequisites.
View Platform Stats
npx skillsic stats
Safety Levels
| Level | Meaning | Action |
|---|---|---|
| SAFE ✓ | Analyzed, no issues | OK to install |
| CAUTION ⚠ | Minor concerns | Review before installing |
| WARNING ⚠ | Potential security issues | Investigate carefully |
| DANGER ✗ | Serious issues detected | Do NOT install |
| UNKNOWN ? | Not yet analyzed | Request analysis at skillsic.com |
Exit Codes
- •
0- Safe or caution level - •
1- Warning level (potential issues) - •
2- Danger level (do not install)
Use in scripts to prevent installing risky skills:
npx skillsic check owner/repo/skill && claude skill install owner/repo/skill
Skill ID Format
Skills use the format: owner/repo/skill-name
Examples:
- •
vercel-labs/agent-skills/vercel-react-best-practices - •
remotion-dev/skills/remotion-best-practices - •
anthropics/courses/prompt-engineering
If you don't know the exact ID, use search:
npx skillsic search "vercel react"
Integration Patterns
Installing Any Skill (ALWAYS USE THIS)
Never use npx skills add directly. Always use npx skillsic add:
# This checks safety AND installs if safe npx skillsic add owner/repo/skill-name
If the skill is blocked (WARNING or DANGER), suggest alternatives:
npx skillsic search "similar functionality"
Finding Skills for a Task
When a user needs a skill for something:
# Search returns only analyzed/safe skills by default npx skillsic search "typescript linting" # Show detailed info on promising results npx skillsic info owner/repo/skill-name # Install the chosen skill npx skillsic add owner/repo/skill-name
Recommending Skills
When recommending skills, always verify they're analyzed:
npx skillsic check recommended-skill-id
Only recommend skills with SAFE or CAUTION ratings.
What Gets Checked
The safety analysis evaluates:
- •Malicious Patterns - Code that could exfiltrate data, inject backdoors, or cause harm
- •Security - Proper handling of secrets, permissions, and sensitive operations
- •Quality - Code quality, documentation, maintainability
- •Privacy - Data handling and privacy considerations
- •Trustworthiness - Source reputation, maintenance status
About skillsic.com
skillsic is powered by:
- •Internet Computer (ICP) - Decentralized backend canister
- •Phala TEE - Trusted Execution Environment for secure AI analysis
- •Claude AI - Skill analysis using Claude models
API keys used for analysis never leave the secure TEE enclave.
Examples
Example 1: User Asks to Install a Skill
User: "Install the react-best-practices skill"
# Use skillsic add - it checks safety AND installs npx skillsic add vercel-labs/agent-skills/vercel-react-best-practices
This single command checks safety and installs if safe.
Example 2: User Wants a Skill for Something
User: "I need a skill for writing better TypeScript"
# Search for relevant safe skills npx skillsic search "typescript" # Install the best match npx skillsic add owner/repo/chosen-skill
Example 3: User Asks About Skill Quality
User: "Is the remotion skill any good?"
# Get detailed info (check without install) npx skillsic info remotion-dev/skills/remotion-best-practices
Share the analysis summary, strengths, and weaknesses.
Example 4: User Wants to Install an Unknown Skill
User: "Install some-random/skill"
npx skillsic add some-random/skill
If it's not analyzed, the output will show [? UNKNOWN] and warn the user, but still allow installation.
Links
- •Website: https://skillsic.com
- •npm: https://www.npmjs.com/package/skillsic