skills-discovery_skill

This skill helps you discover and evaluate community skills and plugins, assessing safety and quality before use.
  • TypeScript

25

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill outfitter-dev/agents --skill skills-discovery

  • SKILL.md7.9 KB

Overview

This skill helps you find and evaluate community skills, plugins, and marketplaces so you can reuse proven patterns safely. It guides discovery on public code platforms, applies quality heuristics, and outlines a security-first audit workflow. Use it to decide whether to adopt, adapt, or avoid a community contribution.

How this skill works

The skill searches public projects and curated topic pages to surface candidate skills and plugins, then filters them with practical quality heuristics (recency, usage signals, content clarity). It provides an audit checklist for security surfaces, sandboxing guidance for first runs, and extraction patterns to safely adapt useful logic. It also highlights marketplace and manifest patterns to inspect before installation.

When to use it

  • Searching for existing skills before building from scratch
  • Evaluating a community plugin’s safety and maintenance status
  • Finding design patterns or inspiration for a new skill
  • Auditing a plugin or marketplace entry before installation
  • Preparing a safe first run of untrusted contributions

Best practices

  • Prefer actively maintained projects; check recent commits and issue activity
  • Inspect manifests, hook scripts, and any install scripts before running them
  • Start with minimal permissions and isolated context for the first run
  • Look for clear descriptions and explicit allowed-tool scopes rather than blanket access
  • Document what you installed, why, and any deviations from the original source

Example use cases

  • Locate a marketplace manifest and verify its sources and update policy before adding it to production
  • Shortlist candidate skills by filtering for recent commits and clear allowed-tool restrictions
  • Run a new community plugin in a forked context with model invocation disabled to observe behavior
  • Extract a useful preprocessing hook pattern and adapt only the minimal logic needed
  • Audit hook scripts for network calls and exit-code semantics before allowing side effects

FAQ

Run the skill with minimal allowed tools, use an isolated/forked context, and disable model invocation initially. Monitor tool calls during the first run and expand permissions only after inspection.

What signals indicate a low-quality plugin?

Stale commits, many unresolved issues, vague descriptions, broad tool access without justification, obfuscated or undocumented install scripts, and opaque marketplace sources are common red flags.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational