[[
wikihub
]]
Search
⌘K
Explore
People
For Agents
Sign in
Explore
People
For Agents
Sign in
@jacobcole / Trusted Claude Skills / index.md
Suggest edit
Cancel
Submit suggestion
Title
Name
Note
--- title: Trusted Claude Skills visibility: public tags: [claude, skills, trust, curation] --- # Trusted Claude Skills A curated catalog of Claude Code (and Claude Desktop) **Agent Skills** with trust ratings. > **Why this exists:** Anthropic's own guidance is _"use Skills only from trusted sources: those you created yourself or obtained from Anthropic."_ A malicious skill can direct Claude to invoke tools or execute code in ways that don't match its stated purpose. As of April 2026, **13%+ of marketplace skills have been found to contain critical vulnerabilities** (per the Tech Leads Club audit), and security-vetting registries are emerging. This wiki is one personal node in that emerging trust network. See also: - **[[reviewers]]** — Meta page: who reviews Claude skills, registries, vetting orgs - **[[@jacobcole/trusted-openclaw-skills/index|Trusted OpenClaw Skills]]** — sister catalog - **[[@jacobcole/curation-trust-network/index|Curation & Trust Networks]]** — where curation matters --- ## Trust tiers | Tier | Meaning | |---|---| | 🟢 **Anthropic** | Published / maintained by Anthropic in [`anthropics/skills`](https://github.com/anthropics/skills). Default trust. | | 🔵 **First-party** | Bundled with Claude Code or Claude.ai by Anthropic — visible in `Skill` tool listings. | | 🟡 **Vetted-third-party** | Listed in a security-scanning registry (Skills Directory, SkillHub S/A-rank, agentskills.io verified) AND has visible source. | | 🟠 **Personal-use** | Jacob has used it personally, read the source, and finds it benign. No external audit. | | 🔴 **Audit-before-use** | Listed in marketplaces but not yet personally vetted; the standard Anthropic warning applies. | --- ## Skills used in this stack (Mac Mini, M3) These appeared in recent Claude Code sessions on Jacob's machines: | Skill | Source | Tier | Notes | |---|---|---|---| | `simplify` | local | 🟠 | Reviews changed code for reuse/quality/efficiency | | `loop` | local | 🟠 | Recurring task runner; calls `ScheduleWakeup` / cron | | `schedule` | local | 🟠 | Manages scheduled remote agents (routines) | | `claude-api` | local | 🟠 | Anthropic SDK helper — prompt caching, model migration | | `feature-dev` | local | 🟠 | Guided feature development with codebase awareness | | `init` | local | 🟠 | Bootstraps a new `CLAUDE.md` from a codebase scan | | `frontend-design` | local | 🟠 | Produces non-generic UI code | | `prd` | local | 🟠 | Generates a PRD for a new feature | | `ralph` | local | 🟠 | Converts PRD → Ralph autonomous-agent JSON | | `mac-app-store-submit` | local | 🟠 | Mac App Store submission walkthrough | | `update-config` | local | 🟠 | Edits `~/.claude/settings.json` and hooks | | `fewer-permission-prompts` | local | 🟠 | Scans transcripts and proposes allow-list rules | | `keybindings-help` | local | 🟠 | Customizes `~/.claude/keybindings.json` | | `colony-bootstrap` | local | 🟠 | Bootstraps an Agent Colony plan | | `security-review` | local | 🟠 | Branch security review | | `review` | local | 🟠 | PR review skill | > All "local" skills live under `~/.claude/skills/` (or are loaded via plugin) and are inspectable. Trust = **the source is local and readable**. --- ## High-reputation third-party skills (Tier 🟡) Skills that appear repeatedly across multiple registries with security scanning: - **[anthropics/skills](https://github.com/anthropics/skills)** — Anthropic's own public skill repo. 🟢 - **[Skills Directory](https://www.skillsdirectory.com/)** — every skill scanned for malware, prompt injection, credential theft. 🟡 - **[SkillHub](https://www.skillhub.club/)** — 7,000+ AI-evaluated skills, S-rank (9.0+) skills are conservative bets. 🟡 (only S/A-rank) - **[Tech Leads Club agent-skills](https://github.com/tech-leads-club/agent-skills)** — verified-tested-safe skill registry; positions itself against the 13% malicious baseline. 🟡 - **[LobeHub Skills Marketplace](https://lobehub.com/skills)** — security-first vetting. 🟡 (with caveat — re-audit anything before piping it to a tool with shell access) ## Marketplaces requiring caution (Tier 🔴 by default) - **[SkillsMP](https://skillsmp.com/)** — community aggregator from GitHub. Useful for discovery; treat each skill as untrusted until read. - **[claudeskills.info](https://claudeskills.info/skills/)** — 140+ open-source skills, but no security audit before listing. --- ## How to vet a Claude skill before installing 1. Read the skill's `SKILL.md` (or `skill.md`) end-to-end. Anything invoking `Bash`, `Write`, network calls, or `eval` is high-risk. 2. Check the `tools` declared in frontmatter — a "summarize a paragraph" skill that asks for `Bash` is suspicious. 3. Cross-reference the author against at least one of: anthropics/skills contributors, Skills Directory verified list, SkillHub S-rank. 4. If you must use it, run it first in a sandbox (OpenClaw + sandbox-on, or a Docker workspace) before granting your real shell. 5. If the skill bundles binary blobs or fetches code at runtime, **stop**. Anthropic's threat model doesn't cover this. --- ## Sources - [Anthropic — Equipping agents for the real world with Agent Skills](https://www.anthropic.com/engineering/equipping-agents-for-the-real-world-with-agent-skills) - [Anthropic — Introducing Agent Skills](https://claude.com/blog/skills) - [Agent Skills overview (agentskills.io)](https://agentskills.io/home) - [Claude API docs — Agent Skills](https://platform.claude.com/docs/en/agents-and-tools/agent-skills/overview) - [Tech Leads Club agent-skills](https://github.com/tech-leads-club/agent-skills) - [SkillHub](https://www.skillhub.club/) - [Skills Directory](https://www.skillsdirectory.com/) - [LobeHub Skills](https://lobehub.com/skills) - [SkillsMP](https://skillsmp.com/) - [anthropics/skills (GitHub)](https://github.com/anthropics/skills)