When you're publishing Claude skills on skills.sh or Tessl, this skill walks you through interpreting their security and quality audits, then fixing what they flag. It covers the three skills.sh scanners (Gen Agent Trust Hub, Socket, Snyk) and how to read their Pass/Warn/Fail verdicts on individual skill pages, not just repo listings. Most findings fall into a few buckets: credential handling (stop telling agents to paste tokens in config files), indirect prompt injection (don't let fetched API responses control agent behavior), and unverifiable dependencies (add provenance notes for your own tools, pin versions for everyone else's). The Tessl section decodes their activation and implementation scores, which mostly catch vague descriptions and bloated instructions. It includes reusable remediation templates so you can fix the same issue across twenty skills without rewriting the guidance each time.
npx -y skills add dbt-labs/dbt-agent-skills --skill auditing-skills --agent claude-code
Installs into .claude/skills of the current project.
hoodini/ai-agents-skills
agamm/claude-code-owasp
addyosmani/agent-skills
giuseppe-trisciuoglio/developer-kit