Free, private, vetted skill search for AI agents

Your AI agent,
suddenly great at your job.

Skill Federation finds the right skill the moment your agent needs one — from a 100,000-skill, vetted catalog. No browsing, no vetting, no guessing. It runs privately, on your machine.

finds skills for you ~30% more tasks solved 100k+ skills
Illustration: Skill Federation mascot waving hello
built for → Claude Code more integrations coming → Codex Cursor Gemini
+30% tasks completed, with the right skill Opus 4.6 · SkillsBench

The way it works today

Skills are exploding. Using one is still a chore.

1.7M+

public skill files on GitHub within months of the standard — no licensing checks, no provenance, no evals. You're picking by star count and hoping.

Manual & static

// today's skill workflow

  • 1Find oneDig through GitHub, judge by stars, hope it's not malware.
  • 2Download itCopy files into your project by hand.
  • 3Nag your AI to use itRemind it, every session, that the skill exists.
  • 4Update it — if everNo notifications. You find out it's stale the hard way.
  • Make it betterHand-edit the prompt yourself. It never improves on its own.

How it works

Your agent asks. Skill Federation answers. You approve.

1

Your agent hits a gap

It writes an abstract wish for the skill it needs — never your code, plan, or data.

2

Skill Federation searches the catalog

Returns the best matches in milliseconds, each license-clean, security-checked, and provenance-tracked.

3

You approve

The skill installs into .claude/skills/ and runs privately, on your machine.

your agent · skill-federation
Y
Model this company's market size for the pitch deck.
Your agent hits a gap and asks me for what it's missing:
“market sizing — TAM / SAM / SOM” “competitor landscape scan”
✓ market-sizing-triangulation
license-clean · security-checked · found in milliseconds
Y
You approve it → the skill runs privately, on your machine. ✦

Does it actually help?

A bare agent solves 17.5% of SkillsBench tasks. With Skill Federation, 22.8%.

ConditionWhat the agent getsSuccess
No skill bare Claude Code (Opus 4.6) 17.5%
Skill Federation top skill retrieved from the wild catalog 22.8%
Oracle the task's own hand-written skill — an unreachable upper bound 36.8%

That's a ~30% relative jump — and it closes ~27% of the gap to the oracle: the ideal skill hand-written for each task, which Skill Federation never gets to see.

The hard part isn't handing an agent a skill you already know it needs. It's a task calling for some specific skill nobody flagged in advance — and Skill Federation surfacing a genuinely useful one from a huge, noisy public catalog that holds no purpose-built answer.

Illustration: Skill Federation mascot studying the benchmark

// SkillsBench · retrieval from a 26,629-skill snapshot with the answer skills removed

Private by design

Your work never leaves your machine.

What crosses the boundary

Only an abstract wish — a one-line description, a few vocabulary-varied paraphrases, and 1–5 keywords.

What never crosses

Your plan, brief, file contents, outputs, or reasoning trace. None of it is ever sent.

Trust before install

Every match shows its license class, provenance, source, and any security flags. You approve each install. Local-first — your edits are never silently overwritten.

Security · teams & enterprise

Your engineers are already downloading skills. Who's got their back?

One governed catalog for the whole fleet — like an artifact registry, but for skills. Pre-scanned, never pulled live from the wild repo.

1

Served from a pre-scanned registry

One source of truth every engineer pulls from — instead of a hundred private copies of a random SKILL.md. At ingestion each candidate is copied, deduped, and scanned; only passing skills are promoted. The source link is provenance, not where the skill is fetched from.

2

Two independent scanners

Every candidate is best-effort scanned by Cisco AI Defense (YARA, bytecode, command-taint, dataflow, LLM-as-judge, VirusTotal) and NVIDIA SkillSpector (LLM analysis + live OSV.dev CVE lookups, 0–100 risk score). High/critical findings are rejected or routed to manual review before promotion.

3

Governed & audited

RBAC, version lineage, and a private fork that never leaves your perimeter — the same vetted shelf for everyone, and you can see exactly what's running where.

🚨 NVIDIA scanned 42,447 public skills: 26.1% carried a vulnerability, 5.2% were likely malicious — and a skill runs with your agent's full permissions. Scanning is best-effort (“no findings ≠ no risk”); nothing installs without your approval.

skill-registry · acme-corp
market-sizing-triangulationv4 ✓ vettedlicense ✓
pr-review-guardrailsv2 ✓ vettedlicense ✓
incident-postmortemv7 ✓ vettedlicense ✓
sql-migration-safetyv3 ✓ vettedlicense ✓
240 engineersone governed shelf

Get started

One line. You’ve already got Node or Python.

Node · npm

$ npx skillfed

Python · uv

$ uvx skillfed

or pipx run skillfed

No Node or Python? Just ask Claude Code to install the curl version for you:

Install the Skill Federation /skillfed finder from github.com/skill-federation/skill-federation — run its curl installer (install.ps1 on Windows, install.sh on macOS/Linux), then tell me to restart Claude Code.

Then restart Claude Code and run /skillfed <what you're trying to do> — or just approve a plan and the finder offers itself.

Free. Native — needs only curl.