skillsio 1.1.1 → 1.1.3

package/README.md

@@ -3,6 +3,10 @@
 A security-hardened fork of the [skills](https://github.com/vercel-labs/skills) CLI that scans agent skills for
 malicious content before installation.
 
+<!-- agent-list:start -->
+Supports **OpenCode**, **Claude Code**, **Codex**, **Cursor**, and [37 more](#available-agents).
+<!-- agent-list:end -->
+
 The open agent skills ecosystem makes it trivial to install third-party instruction sets into coding agents — but that
 same ease of installation is a vector for prompt injection, data exfiltration, and credential theft.
 [Snyk's analysis](https://snyk.io/blog/) of 3,984 published skills found that **13.4% had critical security issues** and
@@ -50,6 +54,23 @@ domain patterns that regex rules can't — letting you eyeball where a skill wan
 With `--yes`, URL-only prompts are auto-continued. Skills with high/critical findings always show URLs alongside the
 findings summary.
 
+### Third-Party Audits via skills.sh
+
+For GitHub-sourced skills, the CLI automatically checks [skills.sh](https://skills.sh) — Vercel's official skill
+directory — which runs independent third-party security audits from three auditors: **Snyk**, **Socket**, and
+**Gen Agent Trust Hub**. Results appear alongside local scan output:
+
+```
+  ◆ skills.sh: 3 audits  [Snyk ✗]  [Socket ✓]  [Trust Hub ✗]
+    https://skills.sh/inference-sh-3/skills/agent-tools
+```
+
+- Green ✓ = auditor passed, Red ✗ = auditor failed, Dim ~ = no result yet
+- If any auditor returns a **Fail** verdict, severity is escalated to at least **High**, triggering a confirmation
+  prompt
+- skills.sh lookup runs in parallel with VT and never blocks installation on error (graceful fallback)
+- Only fires for GitHub-sourced skills that are listed on skills.sh — silent for everything else
+
 ### Optional: VirusTotal Integration
 
 When a [VirusTotal](https://www.virustotal.com/) API key is provided, the CLI also hashes each skill's content
@@ -242,18 +263,19 @@ Supports **OpenCode**, **Claude Code**, **Codex**, **Cursor**, and [35 more](#su
 <!-- supported-agents:start -->
 | Agent | `--agent` | Project Path | Global Path |
 |-------|-----------|--------------|-------------|
-| Amp, Kimi Code CLI, Replit | `amp`, `kimi-cli`, `replit` | `.agents/skills/` | `~/.config/agents/skills/` |
+| Amp, Kimi Code CLI, Replit, Universal | `amp`, `kimi-cli`, `replit`, `universal` | `.agents/skills/` | `~/.config/agents/skills/` |
 | Antigravity | `antigravity` | `.agent/skills/` | `~/.gemini/antigravity/skills/` |
 | Augment | `augment` | `.augment/skills/` | `~/.augment/skills/` |
 | Claude Code | `claude-code` | `.claude/skills/` | `~/.claude/skills/` |
-| OpenClaw | `openclaw` | `skills/` | `~/.moltbot/skills/` |
+| OpenClaw | `openclaw` | `skills/` | `~/.openclaw/skills/` |
 | Cline | `cline` | `.cline/skills/` | `~/.cline/skills/` |
 | CodeBuddy | `codebuddy` | `.codebuddy/skills/` | `~/.codebuddy/skills/` |
 | Codex | `codex` | `.agents/skills/` | `~/.codex/skills/` |
 | Command Code | `command-code` | `.commandcode/skills/` | `~/.commandcode/skills/` |
 | Continue | `continue` | `.continue/skills/` | `~/.continue/skills/` |
+| Cortex Code | `cortex` | `.cortex/skills/` | `~/.snowflake/cortex/skills/` |
 | Crush | `crush` | `.crush/skills/` | `~/.config/crush/skills/` |
-| Cursor | `cursor` | `.cursor/skills/` | `~/.cursor/skills/` |
+| Cursor | `cursor` | `.agents/skills/` | `~/.cursor/skills/` |
 | Droid | `droid` | `.factory/skills/` | `~/.factory/skills/` |
 | Gemini CLI | `gemini-cli` | `.agents/skills/` | `~/.gemini/skills/` |
 | GitHub Copilot | `github-copilot` | `.agents/skills/` | `~/.copilot/skills/` |
@@ -281,7 +303,154 @@ Supports **OpenCode**, **Claude Code**, **Codex**, **Cursor**, and [35 more](#su
 | AdaL | `adal` | `.adal/skills/` | `~/.adal/skills/` |
 <!-- supported-agents:end -->
 
-The CLI automatically detects which coding agents you have installed.
+> [!NOTE]
+> **Kiro CLI users:** After installing skills, manually add them to your custom agent's `resources` in
+> `.kiro/agents/<agent>.json`:
+>
+> ```json
+> {
+>   "resources": ["skill://.kiro/skills/**/SKILL.md"]
+> }
+> ```
+
+The CLI automatically detects which coding agents you have installed. If none are detected, you'll be prompted to select
+which agents to install to.
+
+## Creating Skills
+
+Skills are directories containing a `SKILL.md` file with YAML frontmatter:
+
+```markdown
+---
+name: my-skill
+description: What this skill does and when to use it
+---
+
+# My Skill
+
+Instructions for the agent to follow when this skill is activated.
+
+## When to Use
+
+Describe the scenarios where this skill should be used.
+
+## Steps
+
+1. First, do this
+2. Then, do that
+```
+
+### Required Fields
+
+- `name`: Unique identifier (lowercase, hyphens allowed)
+- `description`: Brief explanation of what the skill does
+
+### Optional Fields
+
+- `metadata.internal`: Set to `true` to hide the skill from normal discovery. Internal skills are only visible and
+  installable when `INSTALL_INTERNAL_SKILLS=1` is set. Useful for work-in-progress skills or skills meant only for
+  internal tooling.
+
+```markdown
+---
+name: my-internal-skill
+description: An internal skill not shown by default
+metadata:
+  internal: true
+---
+```
+
+### Skill Discovery
+
+The CLI searches for skills in these locations within a repository:
+
+<!-- skill-discovery:start -->
+- Root directory (if it contains `SKILL.md`)
+- `skills/`
+- `skills/.curated/`
+- `skills/.experimental/`
+- `skills/.system/`
+- `.agents/skills/`
+- `.agent/skills/`
+- `.augment/skills/`
+- `.claude/skills/`
+- `./skills/`
+- `.cline/skills/`
+- `.codebuddy/skills/`
+- `.commandcode/skills/`
+- `.continue/skills/`
+- `.cortex/skills/`
+- `.crush/skills/`
+- `.factory/skills/`
+- `.goose/skills/`
+- `.junie/skills/`
+- `.iflow/skills/`
+- `.kilocode/skills/`
+- `.kiro/skills/`
+- `.kode/skills/`
+- `.mcpjam/skills/`
+- `.vibe/skills/`
+- `.mux/skills/`
+- `.openhands/skills/`
+- `.pi/skills/`
+- `.qoder/skills/`
+- `.qwen/skills/`
+- `.roo/skills/`
+- `.trae/skills/`
+- `.windsurf/skills/`
+- `.zencoder/skills/`
+- `.neovate/skills/`
+- `.pochi/skills/`
+- `.adal/skills/`
+<!-- skill-discovery:end -->
+
+### Plugin Manifest Discovery
+
+If `.claude-plugin/marketplace.json` or `.claude-plugin/plugin.json` exists, skills declared in those files are also discovered:
+
+```json
+// .claude-plugin/marketplace.json
+{
+  "metadata": { "pluginRoot": "./plugins" },
+  "plugins": [{
+    "name": "my-plugin",
+    "source": "my-plugin",
+    "skills": ["./skills/review", "./skills/test"]
+  }]
+}
+```
+
+This enables compatibility with the [Claude Code plugin marketplace](https://code.claude.com/docs/en/plugin-marketplaces) ecosystem.
+
+If no skills are found in standard locations, a recursive search is performed.
+
+## Compatibility
+
+Skills are generally compatible across agents since they follow a
+shared [Agent Skills specification](https://agentskills.io). However, some features may be agent-specific:
+
+| Feature         | OpenCode | OpenHands | Claude Code | Cline | CodeBuddy | Codex | Command Code | Kiro CLI | Cursor | Antigravity | Roo Code | Github Copilot | Amp | OpenClaw | Neovate | Pi  | Qoder | Zencoder |
+| --------------- | -------- | --------- | ----------- | ----- | --------- | ----- | ------------ | -------- | ------ | ----------- | -------- | -------------- | --- | -------- | ------- | --- | ----- | -------- |
+| Basic skills    | Yes      | Yes       | Yes         | Yes   | Yes       | Yes   | Yes          | Yes      | Yes    | Yes         | Yes      | Yes            | Yes | Yes      | Yes     | Yes | Yes   | Yes      |
+| `allowed-tools` | Yes      | Yes       | Yes         | Yes   | Yes       | Yes   | Yes          | No       | Yes    | Yes         | Yes      | Yes            | Yes | Yes      | Yes     | Yes | Yes   | No       |
+| `context: fork` | No       | No        | Yes         | No    | No        | No    | No           | No       | No     | No          | No       | No             | No  | No       | No      | No  | No    | No       |
+| Hooks           | No       | No        | Yes         | Yes   | No        | No    | No           | No       | No     | No          | No       | No             | No  | No       | No      | No  | No    | No       |
+
+## Troubleshooting
+
+### "No skills found"
+
+Ensure the repository contains valid `SKILL.md` files with both `name` and `description` in the frontmatter.
+
+### Skill not loading in agent
+
+- Verify the skill was installed to the correct path
+- Check the agent's documentation for skill loading requirements
+- Ensure the `SKILL.md` frontmatter is valid YAML
+
+### Permission errors
+
+Ensure you have write access to the target directory.
 
 ## Environment Variables
 
@@ -306,10 +475,12 @@ pnpm format           # Format code with Prettier
 - `src/scanner.ts` — Rules engine. Defines ~81 regex rules across 8 threat categories, a correlation engine for
   multi-signal detection, and optional deep taint analysis integration. Supports loading external rules from JSON
   files via `--rules`.
-- `src/scanner-ui.ts` — Presentation layer. Displays findings by severity, runs optional VT lookups, handles
-  escalation logic and user confirmation prompts.
+- `src/scanner-ui.ts` — Presentation layer. Displays findings by severity, runs VT and skills.sh lookups in parallel,
+  handles escalation logic and user confirmation prompts.
 - `src/vt.ts` — VirusTotal API client. SHA-256 hashing, `GET /api/v3/files/{hash}` lookup, verdict mapping, graceful
   error handling.
+- `src/skills-sh.ts` — skills.sh audit client. Fetches and HTML-parses third-party audit results (Snyk, Socket, Gen
+  Agent Trust Hub) for GitHub-sourced skills with a 5-second timeout; always resolves gracefully.
 - `src/deep-scan/` — Deep taint analysis engine (enabled via `--deep-scan`). Regex-based tokenizers extract sources,
   sinks, and assignments from Python/JS/TS files; a forward taint tracker propagates data flow; a cross-file analyzer
   detects multi-file attack patterns via import graph analysis. See [docs/deep-scan.md](docs/deep-scan.md).
@@ -318,6 +489,28 @@ pnpm format           # Format code with Prettier
 
 ## Changelog
 
+### 1.1.3
+
+- **Synced with upstream** ([vercel-labs/skills](https://github.com/vercel-labs/skills)): universal agent support
+  (`.agents/skills/` as a single install target symlinked across agents), new agents (Cortex Code, and others), Kiro CLI
+  note, Creating Skills docs, Compatibility table, Troubleshooting section, agent-list badge
+- **Replaced HTML scraping with structured API**: third-party audit now uses the `add-skill.vercel.sh/audit` JSON
+  endpoint instead of scraping `skills.sh` HTML — more reliable and richer data (risk levels + alert counts per auditor)
+- **Stronger blocking**: critical and high risk from the API both always prompt for confirmation; `--yes` is ignored for
+  both (previously high was bypassed by `--yes` and critical only prompted rather than blocked)
+- **Audit failure warning**: if the skills.sh API is unreachable, a yellow warning is shown rather than silently
+  skipping — local scan still runs regardless
+- Removed duplicate audit display (previously showed both an inline scan note and a separate "Security Risk Assessments"
+  panel for the same data)
+
+### 1.1.2
+
+- **skills.sh audit integration**: for GitHub-sourced skills, the CLI now fetches third-party audit results from
+  [skills.sh](https://skills.sh) (Snyk, Socket, Gen Agent Trust Hub) and displays them alongside local scan output
+- Critical or High risk from any auditor escalates the install gate — critical always prompts even with `--yes`, high
+  blocks unless `--yes` is set; uses the structured skills.sh JSON API instead of HTML scraping
+- Audit runs in parallel with VirusTotal and fails silently on any network or parse error
+
 ### 1.1.1
 
 - Removed anonymous usage telemetry inherited from the original Vercel `skills` CLI
@@ -347,6 +540,37 @@ pnpm format           # Format code with Prettier
 - URL transparency: all external URLs in skill files are shown before installation
 - Scanner rules informed by Snyk and ClawHavoc research
 
+## Links
+
+- [Agent Skills Specification](https://agentskills.io)
+- [Skills Directory](https://skills.sh)
+- [Amp Skills Documentation](https://ampcode.com/manual#agent-skills)
+- [Antigravity Skills Documentation](https://antigravity.google/docs/skills)
+- [Factory AI / Droid Skills Documentation](https://docs.factory.ai/cli/configuration/skills)
+- [Claude Code Skills Documentation](https://code.claude.com/docs/en/skills)
+- [OpenClaw Skills Documentation](https://docs.openclaw.ai/tools/skills)
+- [Cline Skills Documentation](https://docs.cline.bot/features/skills)
+- [CodeBuddy Skills Documentation](https://www.codebuddy.ai/docs/ide/Features/Skills)
+- [Codex Skills Documentation](https://developers.openai.com/codex/skills)
+- [Command Code Skills Documentation](https://commandcode.ai/docs/skills)
+- [Crush Skills Documentation](https://github.com/charmbracelet/crush?tab=readme-ov-file#agent-skills)
+- [Cursor Skills Documentation](https://cursor.com/docs/context/skills)
+- [Gemini CLI Skills Documentation](https://geminicli.com/docs/cli/skills/)
+- [GitHub Copilot Agent Skills](https://docs.github.com/en/copilot/concepts/agents/about-agent-skills)
+- [iFlow CLI Skills Documentation](https://platform.iflow.cn/en/cli/examples/skill)
+- [Kimi Code CLI Skills Documentation](https://moonshotai.github.io/kimi-cli/en/customization/skills.html)
+- [Kiro CLI Skills Documentation](https://kiro.dev/docs/cli/custom-agents/configuration-reference/#skill-resources)
+- [Kode Skills Documentation](https://github.com/shareAI-lab/kode/blob/main/docs/skills.md)
+- [OpenCode Skills Documentation](https://opencode.ai/docs/skills)
+- [Qwen Code Skills Documentation](https://qwenlm.github.io/qwen-code-docs/en/users/features/skills/)
+- [OpenHands Skills Documentation](https://docs.openhands.ai/modules/usage/how-to/using-skills)
+- [Pi Skills Documentation](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/docs/skills.md)
+- [Qoder Skills Documentation](https://docs.qoder.com/cli/Skills)
+- [Replit Skills Documentation](https://docs.replit.com/replitai/skills)
+- [Roo Code Skills Documentation](https://docs.roocode.com/features/skills)
+- [Trae Skills Documentation](https://docs.trae.ai/ide/skills)
+- [Vercel Agent Skills Repository](https://github.com/vercel-labs/agent-skills)
+
 ## Research
 
 The scanner rules are informed by the following research into malicious agent skills:

package/dist/cli.mjs

@@ -50,7 +50,10 @@ function isDirectSkillUrl(input) {
 	if (input.includes("gitlab.com/") && !input.includes("/-/raw/")) return false;
 	return true;
 }
+const SOURCE_ALIASES = { "coinbase/agentWallet": "coinbase/agentic-wallet-skills" };
 function parseSource(input) {
+	const alias = SOURCE_ALIASES[input];
+	if (alias) input = alias;
 	if (isLocalPath(input)) {
 		const resolvedPath = resolve(input);
 		return {
@@ -169,7 +172,8 @@ const S_STEP_CANCEL = import_picocolors.default.red("■");
 const S_STEP_SUBMIT = import_picocolors.default.green("◇");
 const S_RADIO_ACTIVE = import_picocolors.default.green("●");
 const S_RADIO_INACTIVE = import_picocolors.default.dim("○");
-const S_CHECKBOX_LOCKED = import_picocolors.default.green("✓");
+import_picocolors.default.green("✓");
+const S_BULLET = import_picocolors.default.green("•");
 const S_BAR = import_picocolors.default.dim("│");
 const S_BAR_H = import_picocolors.default.dim("─");
 const cancelSymbol = Symbol("cancel");
@@ -212,10 +216,11 @@ async function searchMultiselect(options) {
 			if (state === "active") {
 				if (lockedSection && lockedSection.items.length > 0) {
 					lines.push(`${S_BAR}`);
-					lines.push(`${S_BAR}  ${S_BAR_H}${S_BAR_H} ${import_picocolors.default.bold(lockedSection.title)} ${S_BAR_H.repeat(30)}`);
-					for (const item of lockedSection.items) lines.push(`${S_BAR}    ${S_CHECKBOX_LOCKED} ${item.label}`);
+					const lockedTitle = `${import_picocolors.default.bold(lockedSection.title)} ${import_picocolors.default.dim("── always included")}`;
+					lines.push(`${S_BAR}  ${S_BAR_H}${S_BAR_H} ${lockedTitle} ${S_BAR_H.repeat(12)}`);
+					for (const item of lockedSection.items) lines.push(`${S_BAR}    ${S_BULLET} ${import_picocolors.default.bold(item.label)}`);
 					lines.push(`${S_BAR}`);
-					lines.push(`${S_BAR}  ${S_BAR_H}${S_BAR_H} ${import_picocolors.default.bold("Other agents")} ${S_BAR_H.repeat(34)}`);
+					lines.push(`${S_BAR}  ${S_BAR_H}${S_BAR_H} ${import_picocolors.default.bold("Additional agents")} ${S_BAR_H.repeat(29)}`);
 				}
 				const searchLine = `${S_BAR}  ${import_picocolors.default.dim("Search:")} ${query}${import_picocolors.default.inverse(" ")}`;
 				lines.push(searchLine);
@@ -428,6 +433,7 @@ async function parseSkillMd(skillMdPath, options) {
 		const content = await readFile(skillMdPath, "utf-8");
 		const { data } = (0, import_gray_matter.default)(content);
 		if (!data.name || !data.description) return null;
+		if (typeof data.name !== "string" || typeof data.description !== "string") return null;
 		if (data.metadata?.internal === true && !shouldInstallInternalSkills() && !options?.includeInternal) return null;
 		return {
 			name: data.name,
@@ -477,7 +483,6 @@ async function discoverSkills(basePath, subpath, options) {
 		join(searchPath, ".codex/skills"),
 		join(searchPath, ".commandcode/skills"),
 		join(searchPath, ".continue/skills"),
-		join(searchPath, ".cursor/skills"),
 		join(searchPath, ".github/skills"),
 		join(searchPath, ".goose/skills"),
 		join(searchPath, ".iflow/skills"),
@@ -536,6 +541,12 @@ const home = homedir();
 const configHome = xdgConfig ?? join(home, ".config");
 const codexHome = process.env.CODEX_HOME?.trim() || join(home, ".codex");
 const claudeHome = process.env.CLAUDE_CONFIG_DIR?.trim() || join(home, ".claude");
+function getOpenClawGlobalSkillsDir(homeDir = home, pathExists = existsSync) {
+	if (pathExists(join(homeDir, ".openclaw"))) return join(homeDir, ".openclaw/skills");
+	if (pathExists(join(homeDir, ".clawdbot"))) return join(homeDir, ".clawdbot/skills");
+	if (pathExists(join(homeDir, ".moltbot"))) return join(homeDir, ".moltbot/skills");
+	return join(homeDir, ".openclaw/skills");
+}
 const agents = {
 	amp: {
 		name: "amp",
@@ -577,7 +588,7 @@ const agents = {
 		name: "openclaw",
 		displayName: "OpenClaw",
 		skillsDir: "skills",
-		globalSkillsDir: existsSync(join(home, ".openclaw")) ? join(home, ".openclaw/skills") : existsSync(join(home, ".clawdbot")) ? join(home, ".clawdbot/skills") : join(home, ".moltbot/skills"),
+		globalSkillsDir: getOpenClawGlobalSkillsDir(),
 		detectInstalled: async () => {
 			return existsSync(join(home, ".openclaw")) || existsSync(join(home, ".clawdbot")) || existsSync(join(home, ".moltbot"));
 		}
@@ -627,6 +638,15 @@ const agents = {
 			return existsSync(join(process.cwd(), ".continue")) || existsSync(join(home, ".continue"));
 		}
 	},
+	cortex: {
+		name: "cortex",
+		displayName: "Cortex Code",
+		skillsDir: ".cortex/skills",
+		globalSkillsDir: join(home, ".snowflake/cortex/skills"),
+		detectInstalled: async () => {
+			return existsSync(join(home, ".snowflake/cortex"));
+		}
+	},
 	crush: {
 		name: "crush",
 		displayName: "Crush",
@@ -639,7 +659,7 @@ const agents = {
 	cursor: {
 		name: "cursor",
 		displayName: "Cursor",
-		skillsDir: ".cursor/skills",
+		skillsDir: ".agents/skills",
 		globalSkillsDir: join(home, ".cursor/skills"),
 		detectInstalled: async () => {
 			return existsSync(join(home, ".cursor"));
@@ -888,6 +908,14 @@ const agents = {
 		detectInstalled: async () => {
 			return existsSync(join(home, ".adal"));
 		}
+	},
+	universal: {
+		name: "universal",
+		displayName: "Universal",
+		skillsDir: ".agents/skills",
+		globalSkillsDir: join(configHome, "agents/skills"),
+		showInUniversalList: false,
+		detectInstalled: async () => false
 	}
 };
 async function detectInstalledAgents() {
@@ -3296,6 +3324,24 @@ async function lookupFileHash(sha256, apiKey) {
 async function checkSkillOnVT(skillContent, apiKey) {
 	return lookupFileHash(createHash("sha256").update(skillContent).digest("hex"), apiKey);
 }
+const AUDIT_URL = "https://add-skill.vercel.sh/audit";
+async function fetchAuditData(source, skillSlugs, timeoutMs = 3e3) {
+	if (skillSlugs.length === 0) return null;
+	try {
+		const params = new URLSearchParams({
+			source,
+			skills: skillSlugs.join(",")
+		});
+		const controller = new AbortController();
+		const timeout = setTimeout(() => controller.abort(), timeoutMs);
+		const response = await fetch(`${AUDIT_URL}?${params.toString()}`, { signal: controller.signal });
+		clearTimeout(timeout);
+		if (!response.ok) return null;
+		return await response.json();
+	} catch {
+		return null;
+	}
+}
 const SEVERITY_LABELS = {
 	critical: import_picocolors.default.bgRed(import_picocolors.default.white(import_picocolors.default.bold(" CRITICAL "))),
 	high: import_picocolors.default.red(import_picocolors.default.bold("HIGH")),
@@ -3310,6 +3356,14 @@ const SEVERITY_ORDER = {
 	high: 3,
 	critical: 4
 };
+const AUDIT_RISK_ORDER = {
+	unknown: 0,
+	safe: 0,
+	low: 1,
+	medium: 2,
+	high: 3,
+	critical: 4
+};
 function displayVTVerdict(verdict) {
 	if (!verdict.found) {
 		M.message(import_picocolors.default.dim("  VirusTotal: not found (local scan only)"));
@@ -3324,22 +3378,95 @@ function displayVTVerdict(verdict) {
 	}
 	if (verdict.permalink) M.message(import_picocolors.default.dim(`    ${verdict.permalink}`));
 }
+function auditRiskBadge(displayName, audit) {
+	const alerts = audit.alerts != null && audit.alerts > 0 ? ` ${audit.alerts} alert${audit.alerts !== 1 ? "s" : ""}` : "";
+	switch (audit.risk) {
+		case "critical": return `[${import_picocolors.default.red(import_picocolors.default.bold(`${displayName} ✗ critical${alerts}`))}]`;
+		case "high": return `[${import_picocolors.default.red(`${displayName} ✗ high${alerts}`)}]`;
+		case "medium": return `[${import_picocolors.default.yellow(`${displayName} ⚠ medium${alerts}`)}]`;
+		case "low": return `[${import_picocolors.default.green(`${displayName} ✓ low`)}]`;
+		case "safe": return `[${import_picocolors.default.green(`${displayName} ✓`)}]`;
+		default: return `[${import_picocolors.default.dim(`${displayName} ~`)}]`;
+	}
+}
+const AUDITORS = [
+	{
+		id: "ath",
+		displayName: "Trust Hub"
+	},
+	{
+		id: "socket",
+		displayName: "Socket"
+	},
+	{
+		id: "snyk",
+		displayName: "Snyk"
+	}
+];
+function displayAuditResults(skillNames, auditData, source) {
+	if (!skillNames.some((name) => {
+		const data = auditData[name];
+		return data && Object.keys(data).length > 0;
+	})) return;
+	for (const skillName of skillNames) {
+		const data = auditData[skillName];
+		if (!data || Object.keys(data).length === 0) continue;
+		const badges = AUDITORS.map(({ id, displayName }) => {
+			const audit = data[id];
+			return audit ? auditRiskBadge(displayName, audit) : `[${import_picocolors.default.dim(`${displayName} ~`)}]`;
+		}).join("  ");
+		const label = skillNames.length > 1 ? `${import_picocolors.default.cyan(skillName)}: ` : "";
+		M.message(`  ${import_picocolors.default.cyan("◆")} ${label}${badges}`);
+	}
+	M.message(import_picocolors.default.dim(`    https://skills.sh/${source}`));
+}
+function maxAuditRisk(skillNames, auditData) {
+	let max = 0;
+	for (const skillName of skillNames) {
+		const data = auditData[skillName];
+		if (!data) continue;
+		for (const audit of Object.values(data)) {
+			const level = AUDIT_RISK_ORDER[audit.risk] ?? 0;
+			if (level > max) max = level;
+		}
+	}
+	if (max >= 4) return "critical";
+	if (max >= 3) return "high";
+	return null;
+}
 async function presentScanResults(results, options) {
 	const allFindings = results.flatMap((r) => r.findings.map((f) => ({
 		...f,
 		skillName: r.skillName
 	})));
 	const allUrls = [...new Set(results.flatMap((r) => r.urls))];
+	const skillNames = results.map((r) => r.skillName);
 	const vtVerdicts = /* @__PURE__ */ new Map();
+	let auditData = null;
+	let auditFailed = false;
 	let vtEscalate = false;
-	if (options.vtKey && options.skillContents) for (const [skillName, content] of options.skillContents) try {
-		const verdict = await checkSkillOnVT(content, options.vtKey);
-		vtVerdicts.set(skillName, verdict);
-		if (verdict.found && verdict.verdict === "malicious") vtEscalate = true;
-	} catch {}
-	if (allFindings.length === 0 && !vtEscalate) {
+	let auditEscalate = null;
+	await Promise.all([(async () => {
+		if (options.vtKey && options.skillContents) for (const [skillName, content] of options.skillContents) try {
+			const verdict = await checkSkillOnVT(content, options.vtKey);
+			vtVerdicts.set(skillName, verdict);
+			if (verdict.found && verdict.verdict === "malicious") vtEscalate = true;
+		} catch {}
+	})(), (async () => {
+		if (options.auditSource) {
+			const data = await fetchAuditData(options.auditSource, skillNames);
+			if (data) {
+				auditData = data;
+				auditEscalate = maxAuditRisk(skillNames, data);
+			} else auditFailed = true;
+		}
+	})()]);
+	const anyEscalation = vtEscalate || auditEscalate !== null;
+	if (allFindings.length === 0 && !anyEscalation) {
 		M.success(import_picocolors.default.green("Security scan passed — no issues found"));
 		if (vtVerdicts.size > 0) for (const [, verdict] of vtVerdicts) displayVTVerdict(verdict);
+		if (auditData && options.auditSource) displayAuditResults(skillNames, auditData, options.auditSource);
+		if (auditFailed) M.warn(import_picocolors.default.yellow("skills.sh audit unavailable — third-party risk data could not be fetched"));
 		if (allUrls.length > 0) return displayUrlsAndPrompt(allUrls, options);
 		return true;
 	}
@@ -3363,6 +3490,11 @@ async function presentScanResults(results, options) {
 		console.log();
 		for (const [, verdict] of vtVerdicts) displayVTVerdict(verdict);
 	}
+	if (auditData && options.auditSource) {
+		console.log();
+		displayAuditResults(skillNames, auditData, options.auditSource);
+	}
+	if (auditFailed) M.warn(import_picocolors.default.yellow("skills.sh audit unavailable — third-party risk data could not be fetched"));
 	if (allUrls.length > 0) {
 		console.log();
 		M.info(`External URLs found in skill files (${allUrls.length}):`);
@@ -3370,24 +3502,18 @@ async function presentScanResults(results, options) {
 	}
 	console.log();
 	if (vtEscalate) overallMax = "critical";
+	if (auditEscalate === "critical") overallMax = "critical";
+	else if (auditEscalate === "high" && SEVERITY_ORDER[overallMax] < SEVERITY_ORDER["high"]) overallMax = "high";
 	if (SEVERITY_ORDER[overallMax] <= SEVERITY_ORDER["medium"]) {
 		M.info(import_picocolors.default.dim("Low/medium severity findings — proceeding with installation"));
 		return true;
 	}
-	if (overallMax === "critical") {
-		M.error(import_picocolors.default.red(import_picocolors.default.bold("Critical security issues detected. This skill may be malicious.")));
-		const confirmed = await ye({
-			message: import_picocolors.default.red("Install anyway? This is strongly discouraged."),
-			initialValue: false
-		});
-		if (pD(confirmed) || !confirmed) return false;
-		return true;
-	}
-	if (options.yes) {
-		M.warn(import_picocolors.default.yellow("High severity findings detected — proceeding (--yes flag set)"));
-		return true;
-	}
-	const confirmed = await ye({ message: import_picocolors.default.yellow("Security warnings found. Continue with installation?") });
+	if (overallMax === "critical") M.error(import_picocolors.default.red(import_picocolors.default.bold("Critical security issues detected. This skill may be malicious.")));
+	else M.error(import_picocolors.default.red("High severity security issues detected."));
+	const confirmed = await ye({
+		message: import_picocolors.default.yellow("Install anyway?"),
+		initialValue: false
+	});
 	if (pD(confirmed) || !confirmed) return false;
 	return true;
 }
@@ -3414,6 +3540,16 @@ function resolveExternalRules(options) {
 	_externalRulesCache.set(key, loaded);
 	return loaded;
 }
+function extractAuditSource(sourceUrl) {
+	if (!sourceUrl?.includes("github.com")) return void 0;
+	try {
+		const parts = new URL(sourceUrl).pathname.slice(1).replace(/\.git$/, "").split("/").filter(Boolean);
+		if (parts.length < 2) return void 0;
+		return parts.slice(0, 2).join("/");
+	} catch {
+		return;
+	}
+}
 function shortenPath$1(fullPath, cwd) {
 	const home = homedir();
 	if (fullPath === home || fullPath.startsWith(home + sep)) return "~" + fullPath.slice(home.length);
@@ -3673,10 +3809,12 @@ async function handleRemoteSkill(source, url, options, spinner) {
 		});
 		const vtKey = options.vtKey || process.env.VT_API_KEY;
 		const skillContents = vtKey ? new Map([[remoteSkill.installName, remoteSkill.content]]) : void 0;
+		const auditSource = extractAuditSource(remoteSkill.sourceUrl);
 		if (!await presentScanResults([scanResult], {
 			yes: options.yes,
 			vtKey,
-			skillContents
+			skillContents,
+			auditSource
 		})) {
 			xe("Installation cancelled due to security concerns");
 			process.exit(0);
@@ -4348,6 +4486,7 @@ async function runAdd(args, options = {}) {
 			}
 			selectedSkills = selected;
 		}
+		const auditSource = getOwnerRepo(parsed) ?? void 0;
 		let targetAgents;
 		const validAgents = Object.keys(agents);
 		if (options.agent?.includes("*")) {
@@ -4488,7 +4627,8 @@ async function runAdd(args, options = {}) {
 			if (!await presentScanResults(scanResults, {
 				yes: options.yes,
 				vtKey,
-				skillContents
+				skillContents,
+				auditSource
 			})) {
 				xe("Installation cancelled due to security concerns");
 				await cleanup(tempDir);
@@ -4701,7 +4841,14 @@ const RESET$2 = "\x1B[0m";
 const BOLD$2 = "\x1B[1m";
 const DIM$2 = "\x1B[38;5;102m";
 const TEXT$1 = "\x1B[38;5;145m";
+const CYAN$1 = "\x1B[36m";
 const SEARCH_API_BASE = process.env.SKILLS_API_URL || "https://skills.sh";
+function formatInstalls(count) {
+	if (!count || count <= 0) return "";
+	if (count >= 1e6) return `${(count / 1e6).toFixed(1).replace(/\.0$/, "")}M installs`;
+	if (count >= 1e3) return `${(count / 1e3).toFixed(1).replace(/\.0$/, "")}K installs`;
+	return `${count} install${count === 1 ? "" : "s"}`;
+}
 async function searchSkillsAPI(query) {
 	try {
 		const url = `${SEARCH_API_BASE}/api/search?q=${encodeURIComponent(query)}&limit=10`;
@@ -4751,8 +4898,10 @@ async function runSearchPrompt(initialQuery = "") {
 				const arrow = isSelected ? `${BOLD$2}>${RESET$2}` : " ";
 				const name = isSelected ? `${BOLD$2}${skill.name}${RESET$2}` : `${TEXT$1}${skill.name}${RESET$2}`;
 				const source = skill.source ? ` ${DIM$2}${skill.source}${RESET$2}` : "";
+				const installs = formatInstalls(skill.installs);
+				const installsBadge = installs ? ` ${CYAN$1}${installs}${RESET$2}` : "";
 				const loadingIndicator = loading && i === 0 ? ` ${DIM$2}...${RESET$2}` : "";
-				lines.push(`  ${arrow} ${name}${source}${loadingIndicator}`);
+				lines.push(`  ${arrow} ${name}${source}${installsBadge}${loadingIndicator}`);
 			}
 		}
 		lines.push("");
@@ -4865,7 +5014,8 @@ ${DIM$2}  2) npx skills add <owner/repo@skill>${RESET$2}`;
 		console.log();
 		for (const skill of results.slice(0, 6)) {
 			const pkg = skill.source || skill.slug;
-			console.log(`${TEXT$1}${pkg}@${skill.name}${RESET$2}`);
+			const installs = formatInstalls(skill.installs);
+			console.log(`${TEXT$1}${pkg}@${skill.name}${RESET$2}${installs ? ` ${CYAN$1}${installs}${RESET$2}` : ""}`);
 			console.log(`${DIM$2}└ https://skills.sh/${skill.slug}${RESET$2}`);
 			console.log();
 		}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillsio",
-  "version": "1.1.1",
+  "version": "1.1.3",
   "description": "The SECURE open agent skills ecosystem",
   "type": "module",
   "bin": {
@@ -46,6 +46,7 @@
     "codex",
     "command-code",
     "continue",
+    "cortex",
     "crush",
     "cursor",
     "droid",
@@ -74,7 +75,8 @@
     "zencoder",
     "neovate",
     "pochi",
-    "adal"
+    "adal",
+    "universal"
   ],
   "repository": {
     "type": "git",