Typed contract, not freeform prose
Every skill declares its intent, triggers, inputs and outputs, ordered steps, required permissions, and verification checks โ so the same package means the same thing to every agent and host.
Seal, verify, and prove provenance for the skills your agents run. .skill doesn't replace your SKILL.md, it wraps it in a typed contract, an integrity seal, and provenance, so the same skill keeps working everywhere Agent Skills are supported, and gains inspect-before-run trust on top.
The Agent Skills ecosystem has three layers, and skillerr owns the third, complementary to the other two, not competing with either:
| Layer | Job | Who |
|---|---|---|
| Authoring | Defines the SKILL.md format itself | Agent Skills spec |
| Distribution | Installs a skill onto your machine | vercel-labs/skills, skills.sh |
| Trust / integrity | Seals, signs, records provenance, lets you inspect before you run | skillerr |
npx skills add owner/repo installs unverified instructions and executable scripts from any repo, with no integrity or provenance check. Distribution tools install a skill; skillerr lets you verify one, its integrity, issuer, and provenance, before you run it.
No telemetry, no tracking. skillerr makes no network calls unless you explicitly opt in (--transparency, --keyless, --online).
npm i -g skillerrNode โฅ 20. skillerr is the reference CLI (bin: skill).
Humans install once, then direct your agent:
npm i -g skillerr # reference CLI, bin: skillAgents start by reading their own instructions:
skill agent-guide # the exact create / inspect / handoff protocolSimplest โ just ask
npm i -g skillerr
Then tell your AI:
"Use skillerr to turn this conversation into a .skill I can reuse."Inspect before run
Inspect ./file.skill TrustView without executing. Validate, then dry-run.
Summarize trust warnings. Do not execute for real unless I ask.More starters: Getting started ยท Convert a SKILL.md ยท Evaluate & score ยท Agents ยท Workflows ยท Full CLI reference
Trust is explicit and layered โ you choose how much you need, and verifiers can always tell which rung a package sits on:
A seal proves who issued a package and that it hasn't changed โ never that the skill is correct or safe. See What is verifiable.
.skill โexample.skill
โโโ skill.json # manifest, digests, profile, completeness
โโโ workflow.json # runnable steps
โโโ knowledge/ # pinned decisions / rules
โโโ provenance/ # redacted journey + generation_usage
โโโ signatures/ # mint attestation (release)SKILL.md vs. sealed .skill โBare SKILL.md | Sealed .skill | |
|---|---|---|
| Structure | Freeform prose | Typed contract: intent, triggers, I/O, steps, permissions, verification |
| Integrity | None | Content-addressed id + SHA-256 digests; tamper-evident |
| Trust before run | None | Inspect seal, issuer, and verified-vs-self-reported claims without executing |
| Authorship | None | Development โ verified-issuer โ publicly anchored, your choice |
| Handoff | Copy the chat | Continuity package: typed, redacted, resumable |
| Surface | Role |
|---|---|
skillerr | Reference CLI |
@skillerr/protocol | SkillContract, schemas, types |
@skillerr/core | Compile, pack, validate, mint |
@skillerr/runtime | Inspect / dry-run / execute |
@skillerr/workspace | Local .skill/ working tree |
@skillerr/registry | Optional local transparency log |
Agent Skills specification (authoring format) ยท vercel-labs/skills (npx skills add, distribution) ยท skills.sh (directory) ยท Claude Code skills docs