๐Ÿš€ Skillhub is in public betaยทNew skills added weeklyยทLive AI sandbox โ€” try before you installยทFeedback? We're listeningยทEarly publishers get featured placementยทOne command to install any skillยท๐Ÿš€ Skillhub is in public betaยทNew skills added weeklyยทLive AI sandbox โ€” try before you installยทFeedback? We're listeningยทEarly publishers get featured placementยทOne command to install any skillยท
Skillhub

About Skillhub

Skillhub is the open marketplace for SKILL.md packages โ€” reusable AI agent behaviors that extend Claude Code, Cursor, Codex, and any tool that supports system prompts or custom instructions. Think of it as the App Store for AI skills: one command installs any skill into your workflow.

What is Skillhub?

AI coding tools are only as useful as the behaviors you can teach them. Today, every developer writes their own prompts, custom instructions, and agent configurations from scratch โ€” and then loses them when they switch tools or machines.

Skillhub solves this. A SKILL.md file is a portable, versioned behavior specification that any AI agent can load. Skills can automate code review, generate tests, write migrations, scan for security vulnerabilities, and more โ€” all with a single install command:

$ npx skillhub-install install security-scanner

Publishers upload their SKILL.md files, set a price (or keep them free), and earn revenue every time someone installs their skill. Buyers get instantly reproducible AI behaviors, locked to a specific semver version in ~/.skillhub/lock.json.

How Trust Scores Work

Every skill on Skillhub is automatically scanned for security threats before it goes live. The Trust Score (0โ€“100) reflects the outcome of that scan.

80โ€“100

High trust

No significant threats detected. Safe to install.

60โ€“79

Medium trust

Minor concerns (e.g. HTTP requests). Review before installing.

0โ€“59

Low trust

Critical or high-severity issues found. Install at your own risk.

The scanner checks for prompt injection, remote code execution, shell execution, data exfiltration, environment variable access, home directory access, obfuscated payloads, and more. Each detected pattern deducts points from the score, which starts at 100.

Skills start in Under Review status and become publicly visible only after passing our automated scan. Publishers can appeal manual reviews via the publisher dashboard.

The SKILL.md Standard

A SKILL.md file is a plain Markdown file with a YAML front matter header that describes the skill's name, version, and category. The body contains the natural-language instructions that the AI agent executes.

---
name: security-scanner
version: 2.4.0
category: Security
---
You are a security expert. Analyze the provided code for OWASP Top 10 vulnerabilities...

The format is intentionally minimal so it works with any AI tool. Claude Code loads SKILL.md files via custom instructions; Cursor reads them as rules; Codex agents consume them as system prompts. The standard is open โ€” anyone can implement a compatible loader.

We publish the full spec at skillhub.builders/blog/what-is-skill-md.

Contact

For partnership inquiries, press requests, or security disclosures, email us at hello@skillhub.builders. For bug reports and feature requests, open an issue on GitHub.

Ready to add your first skill?

Browse skills โ†’|Publish a skill โ†’