SECURITY REVIEW PROCESS
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable ski
$ skillvault review find-skills
→ Fetching SKILL.md from https://github.com/vercel-labs/skills...
→ Running Stage 1 automated scan...
✓ Stage 1 PASSED — Risk score: 0/100
✓ Stage 2 PASSED — Human review complete
✓ Stage 3 PASSED — Sandbox execution clean
✓ Skill signed and published to registry
Stage 01: Automated Scan
Checked prompt injection, IoC matches, credential paths, shell commands, network calls. Score: 0/100
Stage 02: Human Review
Automated review. Risk: very_low. Score: 0/100.
Stage 03: Sandbox Execution
Skill executed in isolated container. Network traffic and file access logged. Zero deviations from declared behavior.
Stage 04: Cryptographic Signing
SHA-256 hash of skill directory signed via Sigstore keyless signing. Logged in public transparency log.
Full Scan Findings