Skill Federation
Free, private skill search for AI agents
Your agent asks. Skill Federation answers. You approve.
A bare agent solves 17.5% of SkillsBench tasks. With Skill Federation, 22.8% — and your work never leaves your machine.
Your coding agent keeps rebuilding things that a packaged skill already does well — PDF extraction, market sizing, data cleaning, PR review, Slack notifications, SQL reporting. The skills exist, scattered across the open-source ecosystem. The problem is finding the right one mid-task — and every "search a catalog" approach so far means shipping your plan, your brief, or your data to someone's server.
Skill Federation finds skills the privacy-preserving way. Right after you approve a plan, your agent writes an abstract wish-list — "if every skill existed, which would I reach for?" — and the federation matches those wishes against a catalog of vetted skills. Your plan, your files, and your outputs never leave your machine. Only the abstract wishes do.
[!IMPORTANT] Only the abstract wish crosses the boundary — a one-line capability description, ~4 vocabulary-varied paraphrases, 1–5 keywords, and a capability-level sketch of the ideal skill. Every field is "what skill should exist," never your task. Your plan, brief, file contents, and reasoning trace stay local — always.
Here's the entire payload for one wish — the literal string sent for launch-strategy.
It names the capability domain, never your task, plans, or product:
description: plan a multi-channel launch for an open-source developer tool
paraphrases: orchestrate a launch across hacker news reddit and product hunt · plan a
go-to-market launch for a dev tool · coordinate a multi-platform release
announcement · design a launch-day plan for an open-source project
sketch: launch product hunt hacker news waitlist go-to-market campaign ·
channel planning timing asset prep announcement
keywords: launch, gtm, product-hunt, strategy, announcement
That's it — a description, four paraphrases, a capability sketch, and keywords. Your product's name, your unreleased roadmap, and your actual launch plan never appear.
You: /skillfed plan a launch for my open-source dev tool
-> agent writes 4 abstract wishes (paraphrases + a capability sketch).
Only these leave your machine -- never your plan, files, or data.
wish: launch-strategy -> multi-platform-launch review - verified <- selected
wish: repo-discoverability -> github-presence review - verified <- selected
wish: community-building -> community-building review - verified <- selected
wish: growth-analytics -> product-analytics permissive - verified - 221* <- selected
(each picked from 5 ranked candidates in the vetted catalog)
Install the 4 selected? They go in .claude/skills/ with license + source attribution.
🔒 Why it's different
- Privacy floor, by design. Only the abstract wish crosses the boundary — "what skill should exist," never your task. Your plan, brief, file contents, and reasoning trace stay local, always. (Full field-by-field breakdown under Privacy & trust below.)
- Trust before install. Candidates come from a pre-scanned internal registry (Cisco Skill Scanner + NVIDIA SkillSpector), not the wild repo — every one shows its license class, provenance, stars, and source. You approve each install; nothing is pulled silently. (See Security.)
- Native, zero-install. The default tier needs nothing but
curl— already on Windows 10+ and macOS. No Python, no Node, no package manager. (Optional tiers add typed MCP tools if you have Node.)
⚙️ How it works
- Plan. You approve a plan in your agent as usual.
- Wish-list. The agent sketches the ideal skills and writes up to 10 abstract wishes — each with vocabulary-varied paraphrases and a structured capability sketch for high recall. No task specifics.
- Match. The federation runs a fast lexical search per wish (description + paraphrases + flattened sketch) against the vetted, pre-scanned catalog and returns the top candidates.
- Review. The agent picks the best fit (or rejects all) and shows you a trust table.
- Install. On your approval, the chosen skills are fetched from the internal scanned copy
(not the origin repo) into
.claude/skills/with full license + source attribution. - Use. Your agent uses the skill immediately — no reinventing it.
📊 Benchmark
We measured Skill Federation on SkillsBench (coding-agent tasks with deterministic verifiers), with the agent harnessed as Claude Code (Opus 4.6). The catch that makes this a real test: the skill Skillfed retrieves comes from a 26,629-skill snapshot of the public catalog (which holds 87k+ skills overall) with the benchmark's own answer skills removed — so this measures whether independently authored skills transfer to the task, not whether we can re-find the benchmark's hand-written one.
| Condition | What the agent gets | Success |
|---|---|---|
| No skill | bare Claude Code (Opus 4.6) | 17.5% |
| Skillfed | top skill retrieved from the 26,629-skill snapshot | 22.8% |
| Oracle | the task's own hand-written skill — an unreachable upper bound | 36.8% |
Skillfed lifts success from 17.5% to 22.8% — a ~30% relative gain over the bare agent, and recovers ~27% of the gap to an oracle skill it never sees. Most skill-retrieval results test oracle-recovery (the benchmark's own skill sits in the pool); this tests transfer — useful skills pulled from a large, noisy public catalog.
📦 Install
One line — no clone needed. You've already got Node or Python:
# Node — npm
npx skillfed
# Python — uv (or: pipx run skillfed)
uvx skillfed
Prefer Claude Code's plugin system? Add the marketplace and install the plugin:
/plugin marketplace add skill-federation/skill-federation
/plugin install skill-federation@skill-federation
No Node or Python? Ask Claude Code to install the curl version for you:
Install the Skill Federation /skillfed finder from github.com/skill-federation/skill-federation
— run its curl installer (install.ps1 on Windows, install.sh on macOS/Linux), then tell me to
restart Claude Code.
[!TIP] Then restart Claude Code and run
/skillfed <what you're trying to do>— or just approve a plan and the finder offers itself automatically.
Zero runtime — the finder needs only curl (no Node or Python). For the optional tiers
(auto-trigger hook · typed MCP tools · Python/CI helper), flags, scopes, installing from a
checkout, and config-safety details, see install.md.
# Windows (PowerShell) — irm|iex also sidesteps the execution-policy block
irm https://raw.githubusercontent.com/skill-federation/skill-federation/main/install.ps1 | iex
# macOS / Linux
curl -fsSL https://raw.githubusercontent.com/skill-federation/skill-federation/main/install.sh | bash
🛡️ Privacy & trust
[!NOTE] What never crosses: your plan, brief, file contents, outputs, or reasoning trace. What does: only the abstract wish (description + paraphrases + keywords + capability sketch).
- What crosses the boundary: the abstract wish — its one-line
description, ~4 paraphrasedformulationsof it, 1–5keywords, and a structured capabilitysketchof the ideal skill (purpose / inputs / outputs / operations / domain_vocab / section_sketch / tags). The sketch's flattened terms ride inside the search query on every search (they supply the discriminative vocabulary that drives recall); when no skill is found, that same sketch becomes the demand pointer — abstract enough to protect you, detailed enough to auto-build the missing skill. Every field is "what skill should exist", never your task. The wish'snameis display-only and is not sent. - What never crosses: your plan, brief, file contents, outputs, or reasoning trace.
- Two complementary signals, not conflated: a
report_selectionlabels retrieval quality (which shown candidates were right or wrong); areport_demandcaptures the capability gap (what was actually needed). They feed different loops — selection sharpens search, demand drives what gets built next. - Local-first: if you already have a skill installed, your local copy is used as-is — your edits are personalization, never silently overwritten.
🔒 Security
Skill Federation treats every third-party skill as untrusted input. Skills are served from our
internal, pre-scanned registry — never pulled live from the wild repo. At ingestion we copy each
candidate, dedupe it, and scan it; only passing skills are promoted and served. The source link
you see is provenance, not where the skill is fetched from.
Every candidate is best-effort scanned with two independent tools:
- Cisco AI Defense Skill Scanner — YARA/pattern, bytecode, command-taint, behavioral dataflow, LLM-as-judge, and VirusTotal checks for prompt injection, data exfiltration, and malicious code.
- NVIDIA SkillSpector — vulnerability-pattern + LLM analysis with live OSV.dev CVE lookups and a 0–100 risk score.
High/critical findings are rejected or routed to manual review before promotion — the wild catalog never reaches you unfiltered.
Why this matters. NVIDIA's study behind SkillSpector scanned 42,447 public skills and found 26.1% carried at least one vulnerability and 5.2% showed likely malicious intent — and an installed skill runs with your agent's full permissions. Serving straight from public repos would hand roughly one-in-four vulnerable and one-in-twenty malicious skills to your agent; the ingest gate is what keeps them out.
[!NOTE] Scanning is best-effort, not a guarantee. As Cisco's scanner puts it, "no findings ≠ no risk" — a clean scan is not proof a skill is safe. Skill Federation still shows each skill's license, provenance, and source, and nothing installs without your approval.
🔧 Configuration
The finder talks to a federation endpoint over HTTPS. Default is a keyless demo; override it:
export SKILLFED_ENDPOINT="https://your-federation.example.com" # or set in .mcp.json for the npx tier
📁 What's in this repo
install.ps1 / install.sh / install.md auto-detecting installer; works from a clone OR piped (irm|iex, curl|bash)
installer/ npm package `skillfed` — the `npx skillfed` no-clone path
python-installer/ PyPI package `skillfed` — the `uvx skillfed` / `pipx run skillfed` path
scripts/vendor-payload.mjs vendors the 3 payload files into both packages (single source of truth)
integrations/claude-code/ the Claude Code plugin (skill + /skillfed + hook) — canonical payload
integrations/*.py optional Python tier (advanced / CI)
mcp-server/ optional Node MCP tier (typed tools via npx skillfed-mcp)
📄 License
MIT © Skill Federation.