SkillVaultGet the pack
Audited against Snyk ToxicSkills + OWASP Agentic Skills Top 10

I audited 200 Claude Code skills. 26 of them were trying to steal your tokens.

SkillVault is the 40+ skills that survived. Hand-tested, dependency-pinned, license-clean, prompt-injection-scanned. For Claude Code, Cursor, Codex, and Gemini CLI. One payment, lifetime access.

Get SkillVault, $99 launchSee the audit method
Free 10 page methodology PDF
The full seven-check audit framework, plus the 4 Anthropic source-available skills we rejected and the MIT replacements we wrote. No email required.
Get the methodology PDF
Or read the same content as a blog post: how to audit an AI agent skill.

The skill marketplaces have a security problem.

In February 2026, Snyk security researchers scanned the public Claude Code skill ecosystem. They did not like what they found.

3,984
skills scanned across ClawHub and skills.sh
13.4%
contained at least one critical security issue
36%
shipped with prompt-injection payloads
1,467
malicious payloads identified (credential theft, backdoors, exfiltration)
Source, Snyk ToxicSkills report, Feb 5 2026. Cross-referenced against the OWASP Agentic Skills Top 10 (AST01 Malicious Skills, AST02 Prompt Injection).

What you get.

40+ skills across coding, security, data, docs, ops, marketing, research, and design. Every single one has gone through the seven point audit below.

The seven point audit, every skill

1
Prompt injection scan
Static plus simulated agent run, against the Snyk and OWASP AST02 payload corpus.
2
License check
MIT, Apache 2.0, BSD only. No GPL contamination, no unknown-license forks.
3
Dependency vulnerabilities
All pinned. Run through Snyk Open Source and gitleaks. Zero high or critical CVEs at ship.
4
Network call audit
Every outbound URL is enumerated, classified, and disclosed in the skill manifest.
5
Secret and token exfiltration risk
grep for env access, network sinks, and clipboard hooks. Manually traced.
6
Sandbox vs. real env behavior
Run in a clean container and in a populated dev env. Diff the side effects. No surprises.
7
Maintenance signal
Last commit, open issue ratio, maintainer responsiveness. Stale skills are forked into our org and locked.

Sample audit report

skill: repo-architect
version: 1.4.2 (pinned, forked to skillvault/repo-architect)
license: MIT  PASS
deps: 3 pinned, 0 vulns  PASS
net calls: 1 outbound (github.com api)  PASS
prompt-inj: 0 hits across 412 payloads  PASS
secrets: reads CLAUDE_PROJECT_DIR only  PASS
sandbox vs real: identical side effects  PASS
maint: last commit 9d, 6 open / 102 closed  PASS

verdict: SHIPPED in SkillVault v1, category Coding
Screenshot placeholder. The buyer receives one of these for every shipped skill.

Pricing.

One payment. Lifetime updates. Private GitHub repo access.

Launch, first 200 seats
$99 once
  • 40+ audited skills, all 4 IDEs
  • Lifetime updates
  • Private GitHub repo invite
  • Audit PDF on every skill
Get launch price
Standard
$199 once
  • Everything in Launch
  • Quarterly re-audit reports
  • Priority on new skill requests
  • Bug bounty rewards eligibility
Get standard
Pro plus Discord
$299 once
  • Everything in Standard
  • Private Discord with the auditor
  • Vote on next skills to audit
  • First access to new packs
Get Pro
+ $49 add-on, monthly skill drops. Five newly audited skills every month, dropped into the same private repo. Cancel any time. Available as an order bump at checkout.

All tiers, 14 day no-questions refund. If a shipped skill is ever found to have a vulnerability, we publish the disclosure publicly within 48 hours and pay $200 to the reporter.

FAQ.

Why should I trust this audit?

The methodology document is published in full and free. The kill list is included. Every skill in the pack is forked into the SkillVault GitHub org so the upstream cannot be silently mutated. Bug bounty pays $200 cash for any real vulnerability found in a shipped skill.

Does this work with Cursor and Codex, not just Claude Code?

Yes. Anthropic released the Skills format as an open standard in December 2025. The same SKILL.md works in Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and Windsurf. Each skill in the pack is tagged with the IDEs it was tested in.

How is this different from just downloading skills from GitHub?

You can absolutely do that. You will also be the one running the audit. The Snyk study found 13.4% of public skills carry critical issues. SkillVault is the bundle where someone else did the unglamorous work for you.

What happens when new skills appear?

Standard and Pro tiers get the quarterly re-audit. The $49 monthly drops bump adds five newly audited skills per month. All updates ship to the same private repo, no extra payment.

Refund policy?

14 days, no questions, email reply. We keep the email list so we can warn buyers if a shipped skill is later found compromised. That is the only thing we use the list for.

Want a heads-up when v2 of the bundle drops?

v2 ships in Q3 2026: every v1 skill re-audited against new CVEs, plus ~15 new skills across data, infra, and security categories. Soft secondary capture, no purchase implied.