SkillSpector
taubek
34 points
4 comments
June 12, 2026
Related Discussions
Found 5 related stories in 123.3ms across 10,324 title embeddings via pgvector HNSW
- Skillfile, the declarative skill manager, now with search for 110K+ skills _juli_ · 12 pts · March 16, 2026 · 62% similar
- Show HN: Sx – an open-source package manager for AI skills, MCPs, and commands detkin · 40 pts · May 15, 2026 · 52% similar
- Nvidia NemoClaw hmokiguess · 280 pts · March 18, 2026 · 52% similar
- Show HN: I Made a Claude Skill for Spec-Driven Development (SDD) NTRIXLM · 25 pts · May 21, 2026 · 51% similar
- Agent Skills – Open Security Database 4ppsec · 33 pts · March 16, 2026 · 51% similar
Discussion Highlights (1 comments)
jacobgold
This approach seems useful for validating certain kinds of skills, but I worry that it provides a false sense of security. It is a bit like antivirus software. It might be better than nothing, but it is hard to know how much better. Skills are ultimately just prompts, and agents execute code based on what is in them. If agents running skills can write code, execute commands, and reach the internet, it is virtually impossible to prove they are trustworthy. When we download programs, we trust that the companies who wrote them did not add malicious code. We do have some ways of detecting malicious code, but software distribution is still mostly a trust-based system. My recommendation is not to run skills from any source you would not download and execute code from.