Security: Leon-Drq/openagentskill

Security Policy

OpenAgentSkill helps agents and builders discover, compare, audit, and install reusable AI agent skills. The platform is designed to improve decision quality before a skill is used, but it does not make third-party code safe by default.

Supported Scope

This policy covers:

  • The OpenAgentSkill website and API.
  • Registry, ranking, audit, badge, claim, and outcome-feedback surfaces.
  • Protected automation routes for indexing, IndexNow, and X posting.
  • Public skill metadata generated by OpenAgentSkill.

This policy does not cover:

  • Third-party repositories listed on OpenAgentSkill.
  • Code, scripts, dependencies, prompts, or install commands maintained outside this repository.
  • Claims made by third-party skill authors unless they are explicitly verified.

Third-Party Skill Safety

OpenAgentSkill does not automatically execute third-party skills for users.

Before installing or running a skill, review:

  • Source code and scripts.
  • Dependency changes.
  • Install command.
  • Environment-variable usage.
  • Network calls.
  • Shell execution.
  • License and maintenance status.
  • Prompt-injection or data-exfiltration risk.

For sensitive work, run new skills in a sandboxed workspace first. Do not expose production secrets, customer data, private keys, or personal data to unreviewed skills.

Trust Score And Audits

Trust Score and audit pages are decision-support signals. They combine metadata such as GitHub activity, README/SKILL.md completeness, license clarity, install safety, permission surface, and real agent outcome feedback.

They are not:

  • A formal security certification.
  • A guarantee that a repository is safe.
  • A replacement for manual review.
  • A promise that install commands will work in every environment.

Reporting A Vulnerability

Please open a private security report on GitHub if available, or contact the maintainer with:

  • Affected URL, endpoint, or repository.
  • Steps to reproduce.
  • Impact and severity.
  • Relevant request/response samples.
  • Whether any secret, token, private data, or user account was exposed.

Do not publicly disclose exploitable issues until the maintainer has had a reasonable chance to investigate.

Reporting A Risky Or Malicious Skill

If a listed skill appears unsafe, open an issue with:

  • Skill URL on OpenAgentSkill.
  • Source repository URL.
  • Why it is risky.
  • Evidence, such as unsafe shell commands, token access, network exfiltration, malicious dependencies, or misleading metadata.

OpenAgentSkill may mark a skill as blocked, experimental, or needs review while the report is investigated.

Automation And Secret Handling

Privileged routes must stay server-side and protected by bearer secrets or OAuth authorization. Never expose:

  • Supabase service-role or secret keys.
  • X OAuth client secrets or refresh tokens.
  • GitHub tokens.
  • Indexer or cron secrets.

Public browser code should only use public Supabase anon credentials protected by Row Level Security.