Vercel adds automated security audits to skills.sh for 60,000+ packages
Vercel · feature, security, platform · vercel.com

Security Audits Now Live on skills.sh

Vercel has introduced automated security audits for skills on skills.sh, leveraging partnerships with Gen, Socket, and Snyk to provide independent security validation at scale. These audits cover over 60,000 skills and counting, helping developers make informed decisions when integrating third-party skills into their projects.

Key Features and Improvements

The new security audit system includes:

  • Transparent Results: Security audit reports appear publicly on each skill's detail page, allowing developers to review findings before installation.
  • Automatic Protection: Skills flagged as malicious are automatically hidden from the leaderboard and search results. Direct navigation to flagged skills displays a warning before installation.
  • Installation Validation: Starting with skills@1.4.0, the skills CLI displays audit results and risk levels during the installation process.

Developer Impact

Developers using skills.sh can now confidently browse and integrate skills with clear visibility into security posture. The automated audits reduce the burden of manual security reviews while maintaining ecosystem trust through transparent reporting and aggressive filtering of malicious packages.