Ensure Professional Credibility for Your AI Skills

The Skill Security Vendor Pack is a specialized auditing tool designed for developers and agencies building for AI marketplaces. It automates the pre-flight inspection of skill packages, ensuring they meet the high standards required for commercial distribution and client delivery.

What it does

This skill performs a deep-dive scan of a skill folder to identify security risks, packaging defects, and marketplace-readiness gaps. It replaces manual checklists with an automated, script-based review process that generates both developer-friendly JSON data and client-ready Markdown reports.

• Permission Auditing: Scans for high-risk or over-scoped permissions that might block marketplace approval.
• Pattern Matching: Flags suspicious code patterns or shell execution risks that require manual verification.
• Packaging Validation: Checks for missing configuration files, metadata inconsistencies, and directory structure errors.
• Portable Analysis: Built with zero-dependency Python for easy inclusion in CI/CD pipelines or local development workflows.

Why use this skill?

While basic prompting might catch high-level errors, this skill follows a strict Output Contract, ensuring every report is structured for professional use. It provides evidence-backed flags rather than generic warnings, allowing you to fix issues before they become "denied" statuses on a marketplace or security concerns for a client. It effectively turns your audit process into a repeatable, professional service.