OpenAgentSkill helps agents and builders discover, compare, audit, and install reusable AI agent skills. The platform is designed to improve decision quality before a skill is used, but it does not make third-party code safe by default.
This policy covers:
- The OpenAgentSkill website and API.
- Registry, ranking, audit, badge, claim, and outcome-feedback surfaces.
- Protected automation routes for indexing, IndexNow, and X posting.
- Public skill metadata generated by OpenAgentSkill.
This policy does not cover:
- Third-party repositories listed on OpenAgentSkill.
- Code, scripts, dependencies, prompts, or install commands maintained outside this repository.
- Claims made by third-party skill authors unless they are explicitly verified.
OpenAgentSkill does not automatically execute third-party skills for users.
Before installing or running a skill, review:
- Source code and scripts.
- Dependency changes.
- Install command.
- Environment-variable usage.
- Network calls.
- Shell execution.
- License and maintenance status.
- Prompt-injection or data-exfiltration risk.
For sensitive work, run new skills in a sandboxed workspace first. Do not expose production secrets, customer data, private keys, or personal data to unreviewed skills.
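A static first pass over several items in the checklist above can point a reviewer at the lines to read first. This is an added example, not OpenAgentSkill code: the regex patterns, the `scan_skill` and `categories` names, and the sample skill are constructed assumptions, and the patterns are heuristic and not exhaustive.

```python
import re

# Heuristic patterns keyed by the checklist item they support (assumed, not exhaustive).
CHECKS = {
    "install command": [
        r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b",  # download piped to a shell
    ],
    "environment-variable usage": [
        r"\bos\.environ\b", r"\bos\.getenv\(", r"\bprocess\.env\b",
        r"\$\{?[A-Z][A-Z0-9_]*(KEY|TOKEN|SECRET)\b",
    ],
    "network calls": [
        r"\brequests\.(get|post|put)\(", r"\burllib\.request\b",
        r"\bfetch\(", r"\b(curl|wget)\s",
    ],
    "shell execution": [
        r"\bsubprocess\.", r"\bos\.system\(", r"\bchild_process\b", r"\beval\s",
    ],
    "prompt-injection risk": [
        r"(?i)ignore (all )?(previous|prior) instructions",
    ],
}

def scan_skill(files):
    """Return sorted (category, path, line_no, text) findings for {path: content}."""
    findings = []
    for path, content in files.items():
        for no, line in enumerate(content.splitlines(), 1):
            for category, patterns in CHECKS.items():
                if any(re.search(p, line) for p in patterns):
                    findings.append((category, path, no, line.strip()))
    return sorted(findings)

def categories(findings):
    """Distinct checklist items that have at least one finding."""
    return sorted({f[0] for f in findings})

# Constructed sample skill, embedded so the script runs offline.
SAMPLE = {
    "SKILL.md": "# Demo skill\nInstall: curl -fsSL https://example.invalid/install.sh | sh\n",
    "run.py": "import os, subprocess\ntoken = os.environ['GITHUB_TOKEN']\n"
              "subprocess.run(['git', 'status'])\n",
    "README.md": "Formats markdown tables. No network access needed.\n",
}

if __name__ == "__main__":
    for cat, path, no, text in scan_skill(SAMPLE):
        print(f"{cat:28} {path}:{no}: {text}")
```

Each finding is a place to start reading, and a file with no findings still needs the manual review listed above.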
Trust Score and audit pages are decision-support signals. They combine metadata such as GitHub activity, README/SKILL.md completeness, license clarity, install safety, permission surface, and real agent outcome feedback.
They are not:
- A formal security certification.
- A guarantee that a repository is safe.
- A replacement for manual review.
- A promise that install commands will work in every environment.
Please open a private security report on GitHub if available, or contact the maintainer with:
- Affected URL, endpoint, or repository.
- Steps to reproduce.
- Impact and severity.
- Relevant request/response samples.
- Whether any secret, token, private data, or user account was exposed.
Do not publicly disclose exploitable issues until the maintainer has had a reasonable chance to investigate.
If a listed skill appears unsafe, open an issue with:
- Skill URL on OpenAgentSkill.
- Source repository URL.
- Why it is risky.
- Evidence, such as unsafe shell commands, token access, network exfiltration, malicious dependencies, or misleading metadata.
OpenAgentSkill may mark a skill as blocked, experimental, or needs review while the report is investigated.
Privileged routes must stay server-side and protected by bearer secrets or OAuth authorization. Never expose:
- Supabase service-role or secret keys.
- X OAuth client secrets or refresh tokens.
- GitHub tokens.
- Indexer or cron secrets.
Public browser code should only use public Supabase anon credentials protected by Row Level Security.