🛡️ SkillShield Back to Site

Frequently Asked Questions

Everything you need to know about SkillShield

A SKILL.md file is a standardized documentation format that describes how an AI model should perform a specific task or use a particular tool. It contains instructions, examples, constraints, and safety guidelines that help AI systems understand and execute the skill correctly.

Our scanning process uses a combination of static analysis, pattern matching, and dynamic sandboxing. We check for malicious code patterns, prompt injection vulnerabilities, data exfiltration attempts, and unexpected behavior in isolated environments. Each scan generates a detailed security report.

Absolutely! Anyone can submit a SKILL.md file for review. Simply create an account, upload your skill file, and our automated systems will begin the security scan. Once verified, your skill will be listed in the directory with full attribution.

Skills that fail our security checks are not listed in the public directory. The submitter receives a detailed report explaining what issues were found. Minor issues can often be fixed and resubmitted. Skills with serious security concerns are quarantined and flagged for manual review.

Yes! Browsing and using verified skills is completely free. We also offer free submissions for open-source skills. For commercial or high-volume submissions, we offer premium plans with priority scanning and additional features.

Skills are self-contained SKILL.md files that define how an AI should perform a task. MCPs (Model Context Protocols) are server-based integrations that allow AI models to connect to external tools and data sources. We scan both for security vulnerabilities.

Skills are automatically rescanned when updated by their authors. We also periodically re-scan the entire directory when new security rules are added to our detection engine. You can see the last scan date on each skill's detail page.

Yes! We offer a public API for searching and retrieving skill information. API access is free for reasonable usage. For high-volume or commercial use, contact us for API key provisioning and rate limit increases.

Still have questions?

Reach out on X/Twitter